Possible Prevx 64-bit rootkit; complete takeover of Folder properties,


  • This topic is locked

#1
dmountz1983


    New Member

  • Member
  • Pip
  • 8 posts
My local service is completely corrupted. Slow processes and folder property limitations are preventing me from extracting the rootkit, trojan, e.g.
Any help would be greatly appreciated. I've tried most of the popular virus, rootkit, trojan, and spyware removal tools/programs. The registry has been restored to a previous date, but with the malware still attached. My name is Derek, thank you again for trying to help. I'm currently running Windows 7 Home Premium, with an AMD x4 processor 2.8GHz, with an Nvidia GeForce GT 240 graphics card. I'm using Avast Pro Security with Spybot search and destroy for spyware, I also have a 1TB Sata HD. Any advice would help out a very slow and clunky pc.
New observation of system has alerted me that I have Hijacked files in my Registry. Some are included under HOTKEY_LOC_MACHINE, they consist of firewalldisable, antivirusdisable, securitycenterdisable, any help would be great.

Edited by dmountz1983, 30 June 2013 - 03:57 AM.



#2
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello dmountz1983,

Welcome to Geekstogo.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#3
dmountz1983


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by Owner (administrator) on 30-06-2013 21:46:14
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
(Microsoft Corporation) C:\Windows\System32\snmptrap.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
BootExecute: autocheck autochk * bddel.exeafeBox??¿?????

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
SearchScopes: HKCU - Comcast URL = http://search.comcas...q={searchTerms}
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.msn.ipl...q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: msdaipp - No CLSID Value -
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler-x32: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

Chrome:
=======
CHR HomePage: hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=98d79d500000000000006cf049d99d33
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Raindrops) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil\1.0.0.2_0
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S4 MBAMService; C:\Program Files (x86)\PeanutButterCup.MB\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S4 Mezzmo; "C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe" /ServerName="Mezzmo" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-03-17] (EldoS Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-03-17] (EldoS Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
R1 pxrts; C:\Windows\System32\drivers\pxrts.sys [65736 2013-03-23] (Prevx)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-06-11] (support.com, Inc)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-06-30] ()
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
U4 nicm;
U4 nwfilter;
U4 parvdm;
S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-30 21:46 - 2013-06-30 21:46 - 00000000 ____D C:\FRST
2013-06-30 21:45 - 2013-06-30 21:45 - 01933758 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-06-30 21:43 - 2013-06-30 21:43 - 00016108 ____A C:\Users\Owner\Desktop\download.htm
2013-06-30 20:11 - 2013-06-30 20:11 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce75ef8b016100.job
2013-06-30 20:11 - 2013-06-30 20:11 - 00000000 ____D C:\Users\Owner\AppData\LocalGoogle
2013-06-30 20:10 - 2013-06-30 20:10 - 00800192 ____A (Google Inc.) C:\Users\Owner\Downloads\googledrivesync.exe
2013-06-30 19:17 - 2013-06-30 19:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-30 19:16 - 2013-06-30 19:16 - 02347384 ____A (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
2013-06-30 19:12 - 2013-06-30 19:12 - 00063872 ____A C:\Users\Owner\Desktop\dds.txt
2013-06-30 19:12 - 2013-06-30 19:12 - 00015435 ____A C:\Users\Owner\Desktop\attach.txt
2013-06-30 19:09 - 2013-06-30 19:09 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.exe
2013-06-30 19:05 - 2013-06-30 19:06 - 00000969 ____A C:\AdwCleaner[S3].txt
2013-06-30 19:05 - 2013-06-30 19:05 - 00000910 ____A C:\AdwCleaner[R2].txt
2013-06-30 18:57 - 2013-06-30 18:58 - 00001287 ____A C:\AdwCleaner[S2].txt
2013-06-30 18:57 - 2013-06-30 18:57 - 00648201 ____A C:\Users\Owner\Desktop\adwcleaner.exe
2013-06-30 18:57 - 2013-06-30 18:57 - 00001220 ____A C:\AdwCleaner[R1].txt
2013-06-30 18:56 - 2013-06-30 18:56 - 00890988 ____A C:\Users\Owner\Desktop\SecurityCheck (1).exe
2013-06-30 18:55 - 2013-06-30 18:55 - 00890988 ____A C:\Users\Owner\Downloads\SecurityCheck.exe
2013-06-30 18:36 - 2013-06-30 18:36 - 00026046 ____A C:\ComboFix.txt
2013-06-30 18:26 - 2013-06-30 18:36 - 00000000 ____D C:\ComboFix
2013-06-30 18:26 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-30 18:26 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-30 18:26 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-30 18:26 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-30 18:26 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-30 18:26 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-30 18:26 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-30 18:26 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-30 18:25 - 2013-06-30 18:36 - 00000000 ____D C:\Qoobox
2013-06-30 18:23 - 2013-06-30 18:23 - 05084517 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2013-06-30 17:05 - 2013-06-30 17:05 - 00065232 ___AH (Malwarebytes) C:\Users\Owner\Downloads\regassassin-setup-1.03.exe
2013-06-30 17:03 - 2013-06-30 17:03 - 00584600 ____A C:\Users\Owner\Downloads\cbsidlm-tr1_13-GMER-SEO-10720107.exe
2013-06-30 17:03 - 2013-06-30 17:03 - 00000855 ____A C:\Users\Owner\Desktop\Install GMER.lnk
2013-06-30 15:24 - 2013-06-30 15:24 - 00000000 ____D C:\Program Files (x86)\ Online Backup
2013-06-30 08:41 - 2013-06-30 08:41 - 00000000 ____D C:\Users\Owner\Desktop\mbam-chameleon-1.62.1.1000
2013-06-30 08:34 - 2013-06-30 08:34 - 00007520 ____A C:\Users\Owner\Documents\cc_20130630_083400.reg
2013-06-30 08:27 - 2013-06-30 08:28 - 00000000 ____D C:\Windows\F9233F0256174BDC8EC64B798EDFE6F4.TMP
2013-06-30 06:10 - 2013-06-30 06:10 - 00712264 ____A C:\Windows\is-2G064.exe
2013-06-30 06:10 - 2013-06-30 06:10 - 00011277 ____A C:\Windows\is-2G064.msg
2013-06-30 06:10 - 2013-06-30 06:10 - 00000358 ____A C:\Windows\is-2G064.lst
2013-06-30 06:09 - 2013-06-30 06:09 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-30 06:00 - 2013-06-30 19:08 - 00000410 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-30 06:00 - 2013-06-30 19:07 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-06-30 06:00 - 2013-06-30 06:00 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-30 06:00 - 2013-06-30 06:00 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-30 06:00 - 2013-06-30 06:00 - 00000000 ____D C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
2013-06-30 05:59 - 2013-06-30 05:59 - 00671384 ____A (SlimWare Utilities, Inc.) C:\Users\Owner\Downloads\SlimDrivers-setup.exe
2013-06-30 05:32 - 2013-06-30 05:32 - 00002995 ____A C:\Users\Owner\Desktop\HiJackThis.lnk
2013-06-30 05:32 - 2013-06-30 05:32 - 00000000 ____D C:\Program Files (x86)\HiPanties
2013-06-28 04:36 - 2013-06-28 04:36 - 00000646 ____A C:\Users\Owner\Documents\HIjackerfiles.reg
2013-06-28 03:49 - 2013-06-30 06:13 - 00000000 ____D C:\Program Files (x86)\PeanutButterCup.MB
2013-06-28 03:48 - 2013-06-28 03:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\PeanutButtercup.exe
2013-06-28 03:47 - 2013-06-30 06:10 - 00001055 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-28 03:47 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-28 03:44 - 2013-06-28 03:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup.exe
2013-06-28 03:36 - 2013-06-28 03:38 - 00000035 ____A C:\Users\Owner\AppData\Roaming\SetValue.bat
2013-06-28 03:35 - 2013-06-28 03:38 - 00000000 ____A C:\Windows\System32\tmp.txt
2013-06-28 03:34 - 2009-06-02 11:17 - 00075776 ____A C:\Windows\System32\WS2Fix.exe
2013-06-28 03:34 - 2008-12-12 02:57 - 00078336 ____A (S!Ri.URZ) C:\Windows\System32\Agent.OMZ.Fix.exe
2013-06-28 03:34 - 2008-11-29 19:58 - 00082944 ____A (S!Ri.URZ) C:\Windows\System32\IEDFix.C.exe
2013-06-28 03:34 - 2008-10-01 15:51 - 00087552 ____A (S!Ri.URZ) C:\Windows\System32\VACFix.exe
2013-06-28 03:34 - 2008-09-20 12:45 - 00080384 ____A (S!Ri.URZ) C:\Windows\System32\o4Patch.exe
2013-06-28 03:34 - 2008-08-18 12:19 - 00082432 ____A (S!Ri.URZ) C:\Windows\System32\404Fix.exe
2013-06-28 03:34 - 2008-05-18 21:40 - 00082944 ____A (S!Ri.URZ) C:\Windows\System32\IEDFix.exe
2013-06-28 03:34 - 2007-09-06 00:22 - 00289144 ____A (S!Ri) C:\Windows\System32\VCCLSID.exe
2013-06-28 03:34 - 2006-12-01 07:20 - 00079360 ____A (SteelWerX) C:\Windows\System32\swxcacls.exe
2013-06-28 03:34 - 2006-08-29 19:43 - 00135168 ____A (SteelWerX) C:\Windows\System32\swreg.exe
2013-06-28 03:34 - 2006-04-27 17:49 - 00288417 ____A (S!Ri) C:\Windows\System32\SrchSTS.exe
2013-06-28 03:34 - 2006-01-09 11:36 - 00040960 ____A C:\Windows\System32\swsc.exe
2013-06-28 03:34 - 2004-07-31 18:50 - 00051200 ____A C:\Windows\System32\dumphive.exe
2013-06-28 03:34 - 2003-06-05 21:13 - 00053248 ____A (http://www.beyondlogic.org) C:\Windows\System32\Process.exe
2013-06-27 19:14 - 2013-06-27 19:28 - 95186888 ____A C:\Users\Owner\Downloads\vpsupd.exe
2013-06-27 19:09 - 2013-06-27 19:10 - 88785288 ____A C:\Users\Owner\Downloads\vpsupd4.exe
2013-06-27 18:49 - 2013-06-27 18:49 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.com
2013-06-27 18:46 - 2013-06-27 18:46 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 18:46 - 2013-06-27 18:46 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 18:46 - 2013-06-27 18:46 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 11:39 - 2013-06-27 17:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-27 07:17 - 2013-06-27 07:17 - 01034464 ____A (Solid State Networks) C:\Users\Owner\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-06-25 11:37 - 2013-06-30 18:58 - 00665014 ____A C:\Windows\PFRO.log
2013-06-25 04:16 - 2013-06-27 17:36 - 00000000 ____D C:\users\Guest.Owner-PC56456
2013-06-25 04:16 - 2013-06-25 04:16 - 00000020 __ASH C:\Users\Guest.Owner-PC56456\ntuser.ini
2013-06-25 04:16 - 2013-06-23 19:19 - 00000000 ____D C:\Users\Guest.Owner-PC56456\AppData\Local\Microsoft Help
2013-06-24 23:41 - 2013-06-25 14:22 - 00000000 ____D C:\ProgramData\Norton
2013-06-24 23:41 - 2013-06-25 14:22 - 00000000 ____D C:\ProgramData\Application Data\Norton
2013-06-24 22:37 - 2013-06-24 22:37 - 00000000 ____D C:\ProgramData\Sophos
2013-06-24 22:37 - 2013-06-24 22:37 - 00000000 ____D C:\ProgramData\Application Data\Sophos
2013-06-24 22:35 - 2013-06-24 22:35 - 71612144 ____A (Sophos Limited) C:\Users\Owner\Downloads\Sophos Virus Removal Tool.exe
2013-06-24 20:39 - 2013-06-30 15:12 - 00009020 ____A C:\Windows\DPINST.LOG
2013-06-24 20:39 - 2013-06-24 20:39 - 00000000 ____D C:\Program Files\DIFX
2013-06-24 20:38 - 2013-06-30 08:28 - 00000000 ____D C:\Program Files (x86)\LeapFrog
2013-06-24 20:38 - 2013-06-24 20:38 - 00000000 ____D C:\ProgramData\Leapfrog
2013-06-24 20:38 - 2013-06-24 20:38 - 00000000 ____D C:\ProgramData\Application Data\Leapfrog
2013-06-24 20:37 - 2013-06-24 20:38 - 44480392 ____A C:\Users\Owner\Downloads\LeapFrogConnectOfflineSetup_MyOwnLeaptop (1).exe
2013-06-24 14:32 - 2013-06-30 19:07 - 00003985 ____A C:\Windows\setupact.log
2013-06-24 14:32 - 2013-06-24 14:32 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 12:05 - 2013-06-24 12:05 - 00006258 ____A C:\Users\Owner\Documents\install.txt
2013-06-24 06:57 - 2013-06-28 03:50 - 00002740 ____A C:\Users\Owner\Desktop\Rkill.txt
2013-06-24 06:51 - 2013-06-24 06:51 - 00164694 ____A C:\Users\Owner\AppData\Local\census.cache
2013-06-24 06:51 - 2013-06-24 06:51 - 00098539 ____A C:\Users\Owner\AppData\Local\ars.cache
2013-06-24 06:44 - 2013-06-24 06:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TrojanHunter
2013-06-24 06:43 - 2013-06-24 06:43 - 00000036 ____A C:\Users\Owner\AppData\Local\housecall.guid.cache
2013-06-24 06:13 - 2013-06-24 14:28 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-06-23 19:19 - 2013-06-23 19:19 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-06-23 19:19 - 2013-06-23 19:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-06-23 17:23 - 2013-06-23 17:23 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-06-23 05:28 - 2013-06-23 05:28 - 00000000 ____D C:\Program Files\Microsoft Office
2013-06-23 05:27 - 2013-06-23 05:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-06-23 05:27 - 2013-06-23 05:27 - 00000000 ____D C:\MSOCache
2013-06-23 04:37 - 2013-06-27 18:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-23 04:29 - 2013-06-23 04:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Oracle
2013-06-23 04:24 - 2013-06-23 04:24 - 00013540 ____A C:\Users\Owner\Documents\HitmanPro_20130623_0424.log
2013-06-23 03:22 - 2013-06-23 03:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-06-23 03:11 - 2013-06-23 03:11 - 00000000 ____D C:\Program Files (x86)\IObit
2013-06-23 02:40 - 2013-06-23 02:40 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-23 02:09 - 2013-06-23 04:24 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-23 02:09 - 2013-06-23 04:24 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-06-23 01:13 - 2013-06-23 01:13 - 00000000 ____D C:\Users\Owner\Documents\ProcAlyzer Dumps
2013-06-23 00:11 - 2013-06-23 00:11 - 00030121 ____A C:\Users\Owner\Downloads\Call of Duty Modern Warfare 3 (Updated) (2).pin
2013-06-22 23:51 - 2013-06-22 23:51 - 00030121 ____A C:\Users\Owner\Downloads\Call of Duty Modern Warfare 3 (Updated).pin
2013-06-22 23:51 - 2013-06-22 23:51 - 00030121 ____A C:\Users\Owner\Downloads\Call of Duty Modern Warfare 3 (Updated) (1).pin
2013-06-21 20:36 - 2013-06-24 14:28 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-21 20:36 - 2013-06-21 20:36 - 00000000 ____D C:\Windows\PCHEALTH
2013-06-21 20:32 - 2013-06-24 14:28 - 00000000 ___RD C:\Users\Owner\SkyDrive
2013-06-21 20:32 - 2013-06-24 14:28 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-06-21 20:32 - 2013-06-21 20:32 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-06-21 20:32 - 2013-06-21 20:32 - 00000000 ____D C:\ProgramData\Application Data\Microsoft SkyDrive
2013-06-21 20:31 - 2013-06-21 20:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2013-06-21 12:34 - 2013-06-24 14:28 - 00000000 ____D C:\Users\Owner\Desktop\New folder
2013-06-21 12:28 - 2013-06-21 12:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-06-21 12:28 - 2013-06-21 12:28 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA Corporation
2013-06-21 06:40 - 2013-06-27 17:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-21 06:40 - 2013-06-27 17:36 - 00000000 ____D C:\ProgramData\Application Data\Spybot - Search & Destroy
2013-06-21 04:27 - 2013-06-24 14:29 - 00000000 ____D C:\Program Files (x86)\DV TS
2013-06-21 04:26 - 2013-06-24 14:28 - 00000000 ____D C:\Users\Owner\Desktop\Aiptek-Driver_V50
2013-06-21 01:32 - 2013-06-21 01:32 - 00000000 ____D C:\Program Files\SAMSUNG
2013-06-20 20:16 - 2013-06-20 20:16 - 00000000 ____D C:\Users\Owner\AppData\Local\CRE
2013-06-19 21:12 - 2013-06-19 21:12 - 00000000 ____D C:\Users\Owner\Desktop\NetworkConfiguration
2013-06-19 15:54 - 2013-06-19 15:54 - 00000508 ____A C:\Windows\DirectX.log
2013-06-19 15:50 - 2013-06-30 14:35 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-06-19 15:44 - 2013-06-19 15:44 - 00000024 ____A C:\Users\Owner\Documents\keygen for LOTR.txt
2013-06-19 15:33 - 2013-06-19 15:33 - 00001208 ____A C:\Users\Owner\Documents\startup.txt2.txt
2013-06-19 15:33 - 2013-06-19 15:33 - 00001208 ____A C:\Users\Owner\Documents\startup.txt
2013-06-19 02:46 - 2013-06-19 02:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Conceiva
2013-06-19 02:41 - 2013-06-19 02:41 - 01045072 ____A (BitTorrent Inc.) C:\Users\Owner\Downloads\utorrent.exe
2013-06-19 00:06 - 2013-06-25 14:36 - 00000000 ____D C:\Program Files (x86)\MediaFire Express
2013-06-18 16:57 - 2013-06-18 16:57 - 00000000 ___AD C:\Users\Owner\Documents\Converted Vids
2013-06-17 19:53 - 2013-06-27 18:44 - 00001966 ____A C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
2013-06-17 19:00 - 2013-06-17 19:00 - 00000000 ____D C:\Users\Owner\AppData\Local\DutchDuckIndexDat
2013-06-15 14:13 - 2013-06-23 05:51 - 00000000 ____D C:\users\Guest
2013-06-15 09:05 - 2013-06-24 14:28 - 00000000 ____D C:\Program Files (x86)\Total Video Converter
2013-06-14 04:58 - 2013-06-19 09:57 - 00000043 ____A C:\Windows\MezzmoMediaServer.INI
2013-06-14 03:36 - 2013-06-24 14:29 - 00000000 ____D C:\Users\Owner\Desktop\Mezzmo.2.7.1.0 Cracked
2013-06-13 16:56 - 2013-06-13 16:56 - 00000000 ___AD C:\Users\Owner\AppData\Roaming\PowerUp Software
2013-06-13 16:54 - 2013-06-13 16:54 - 00000000 ____D C:\ProgramData\PowerUp Software
2013-06-13 16:54 - 2013-06-13 16:54 - 00000000 ____D C:\ProgramData\Application Data\PowerUp Software
2013-06-13 16:53 - 2013-06-27 17:48 - 00119296 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-13 16:53 - 2013-06-13 16:53 - 00002106 ____A C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
2013-06-13 16:53 - 2009-07-13 21:16 - 00021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vers9203.rra
2013-06-13 16:53 - 2009-07-13 21:16 - 00015360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wsoc928f.rra
2013-06-13 16:53 - 2009-07-13 21:16 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shfo9176.rra
2013-06-13 16:53 - 2009-07-13 21:14 - 00126464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advp9109.rra
2013-06-13 16:53 - 2008-04-13 20:11 - 00619008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dx7vb.dll
2013-06-13 16:53 - 2008-01-13 20:59 - 00036864 ____A C:\Windows\SysWOW64\dxinputdll.dll
2013-06-13 16:53 - 2008-01-13 17:36 - 00091632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dsofile.dll
2013-06-13 16:53 - 2004-03-09 19:45 - 00212240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2013-06-13 16:53 - 2003-01-26 14:41 - 00040960 ____A (vbAccelerator) C:\Windows\SysWOW64\SSubTmr6.dll
2013-06-13 16:53 - 2002-08-09 12:18 - 00045056 ____N (Microsoft) C:\Windows\SysWOW64\NTSVC.ocx
2013-06-13 16:53 - 2001-04-05 07:43 - 00094208 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\msstkprp.dll
2013-06-13 16:53 - 2000-12-06 03:00 - 00109248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mswinsck.ocx
2013-06-13 16:53 - 2000-04-03 21:52 - 00164144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2013-06-13 16:53 - 1999-05-17 14:55 - 00057344 ____N () C:\Windows\SysWOW64\ADsSecurity.dll
2013-06-13 16:53 - 1998-06-18 01:00 - 00089360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2013-06-13 16:52 - 2013-06-24 14:20 - 00000000 ____D C:\Program Files (x86)\PowerUp Software
2013-06-13 16:46 - 2013-06-13 16:46 - 00000000 ___AD C:\Users\Owner\AppData\Local\BigHugeEngine
2013-06-13 16:39 - 2013-06-17 19:43 - 00000000 ____D C:\Users\Owner\AppData\Local\SKIDROW
2013-06-13 16:37 - 2013-06-13 16:37 - 00002221 ____A C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
2013-06-13 16:31 - 2013-06-13 16:31 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-06-12 20:34 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 20:34 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 20:34 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 20:34 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 20:34 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 20:34 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 20:34 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 20:34 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 20:34 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 20:34 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 20:34 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 20:34 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 08:37 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 08:37 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 08:37 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 08:37 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 08:37 - 2013-05-16 20:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 08:37 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 08:37 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 08:37 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 08:37 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 08:37 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 08:37 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 08:37 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 08:06 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:06 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:06 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 08:05 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:05 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:05 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:05 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:05 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 08:05 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 08:05 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 08:05 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:05 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 08:05 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 08:05 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 08:05 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 08:05 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 08:05 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 08:05 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 08:05 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-10 19:58 - 2013-06-27 17:36 - 00000000 ___AD C:\Users\Owner\New folder
2013-06-10 16:52 - 2013-06-21 02:08 - 00000000 ___AD C:\Users\Owner\AppData\Roaming\Media Player Classic
2013-06-10 16:44 - 2013-06-10 16:44 - 00070671 ____A C:\Users\Owner\Documents\Filing Instructions non-incarcerated applicants.txt
2013-06-09 00:08 - 2013-06-14 04:51 - 00000000 ____A C:\Windows\SysWOW64\chrome.log
2013-06-09 00:07 - 2013-06-14 04:54 - 00000000 ____D C:\ProgramData\TVersity
2013-06-09 00:07 - 2013-06-14 04:54 - 00000000 ____D C:\ProgramData\Application Data\TVersity
2013-06-08 04:52 - 2013-06-08 23:51 - 00000000 ___AD C:\Users\Owner\AppData\Local\Nero
2013-06-08 04:50 - 2013-06-08 23:51 - 00000000 ____D C:\ProgramData\Nero
2013-06-08 04:50 - 2013-06-08 23:51 - 00000000 ____D C:\ProgramData\Application Data\Nero
2013-06-01 00:13 - 2013-06-01 00:13 - 00001129 ____A C:\Users\Owner\Desktop\Advanced PC Tweaker.lnk
2013-06-01 00:13 - 2013-06-01 00:13 - 00001084 ____A C:\Users\Owner\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk

==================== One Month Modified Files and Folders =======

2013-06-30 21:46 - 2013-06-30 21:46 - 00000000 ____D C:\FRST
2013-06-30 21:45 - 2013-06-30 21:45 - 01933758 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-06-30 21:43 - 2013-06-30 21:43 - 00016108 ____A C:\Users\Owner\Desktop\download.htm
2013-06-30 21:41 - 2013-04-02 05:07 - 00000000 ____D C:\Program Files (x86)\Advanced PC Tweaker
2013-06-30 21:07 - 2013-04-14 02:55 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-30 20:11 - 2013-06-30 20:11 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce75ef8b016100.job
2013-06-30 20:11 - 2013-06-30 20:11 - 00000000 ____D C:\Users\Owner\AppData\LocalGoogle
2013-06-30 20:11 - 2013-04-14 02:55 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-30 20:11 - 2010-12-29 15:06 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-06-30 20:10 - 2013-06-30 20:10 - 00800192 ____A (Google Inc.) C:\Users\Owner\Downloads\googledrivesync.exe
2013-06-30 19:17 - 2013-06-30 19:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-30 19:16 - 2013-06-30 19:16 - 02347384 ____A (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
2013-06-30 19:14 - 2009-07-14 00:45 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 19:14 - 2009-07-14 00:45 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 19:12 - 2013-06-30 19:12 - 00063872 ____A C:\Users\Owner\Desktop\dds.txt
2013-06-30 19:12 - 2013-06-30 19:12 - 00015435 ____A C:\Users\Owner\Desktop\attach.txt
2013-06-30 19:11 - 2013-04-06 18:54 - 01277559 ____A C:\Windows\WindowsUpdate.log
2013-06-30 19:09 - 2013-06-30 19:09 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.exe
2013-06-30 19:08 - 2013-06-30 06:00 - 00000410 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-30 19:07 - 2013-06-30 06:00 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-06-30 19:07 - 2013-06-24 14:32 - 00003985 ____A C:\Windows\setupact.log
2013-06-30 19:07 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 19:06 - 2013-06-30 19:05 - 00000969 ____A C:\AdwCleaner[S3].txt
2013-06-30 19:05 - 2013-06-30 19:05 - 00000910 ____A C:\AdwCleaner[R2].txt
2013-06-30 18:58 - 2013-06-30 18:57 - 00001287 ____A C:\AdwCleaner[S2].txt
2013-06-30 18:58 - 2013-06-25 11:37 - 00665014 ____A C:\Windows\PFRO.log
2013-06-30 18:57 - 2013-06-30 18:57 - 00648201 ____A C:\Users\Owner\Desktop\adwcleaner.exe
2013-06-30 18:57 - 2013-06-30 18:57 - 00001220 ____A C:\AdwCleaner[R1].txt
2013-06-30 18:56 - 2013-06-30 18:56 - 00890988 ____A C:\Users\Owner\Desktop\SecurityCheck (1).exe
2013-06-30 18:55 - 2013-06-30 18:55 - 00890988 ____A C:\Users\Owner\Downloads\SecurityCheck.exe
2013-06-30 18:36 - 2013-06-30 18:36 - 00026046 ____A C:\ComboFix.txt
2013-06-30 18:36 - 2013-06-30 18:26 - 00000000 ____D C:\ComboFix
2013-06-30 18:36 - 2013-06-30 18:25 - 00000000 ____D C:\Qoobox
2013-06-30 18:34 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2013-06-30 18:23 - 2013-06-30 18:23 - 05084517 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2013-06-30 18:00 - 2012-07-20 02:27 - 00000468 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2013-06-30 17:05 - 2013-06-30 17:05 - 00065232 ___AH (Malwarebytes) C:\Users\Owner\Downloads\regassassin-setup-1.03.exe
2013-06-30 17:03 - 2013-06-30 17:03 - 00584600 ____A C:\Users\Owner\Downloads\cbsidlm-tr1_13-GMER-SEO-10720107.exe
2013-06-30 17:03 - 2013-06-30 17:03 - 00000855 ____A C:\Users\Owner\Desktop\Install GMER.lnk
2013-06-30 15:28 - 2013-03-29 19:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-30 15:28 - 2013-03-29 19:52 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA
2013-06-30 15:24 - 2013-06-30 15:24 - 00000000 ____D C:\Program Files (x86)\ Online Backup
2013-06-30 15:12 - 2013-06-24 20:39 - 00009020 ____A C:\Windows\DPINST.LOG
2013-06-30 14:35 - 2013-06-19 15:50 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-06-30 14:29 - 2013-03-22 02:25 - 00000000 ____D C:\Program Files (x86)\Win7codecs
2013-06-30 14:29 - 2013-03-22 02:23 - 00000000 ____D C:\ProgramData\Win7codecs
2013-06-30 14:29 - 2013-03-22 02:23 - 00000000 ____D C:\ProgramData\Application Data\Win7codecs
2013-06-30 13:39 - 2009-07-14 01:13 - 00007322 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-30 08:41 - 2013-06-30 08:41 - 00000000 ____D C:\Users\Owner\Desktop\mbam-chameleon-1.62.1.1000
2013-06-30 08:34 - 2013-06-30 08:34 - 00007520 ____A C:\Users\Owner\Documents\cc_20130630_083400.reg
2013-06-30 08:28 - 2013-06-30 08:27 - 00000000 ____D C:\Windows\F9233F0256174BDC8EC64B798EDFE6F4.TMP
2013-06-30 08:28 - 2013-06-24 20:38 - 00000000 ____D C:\Program Files (x86)\LeapFrog
2013-06-30 06:36 - 2013-04-03 11:28 - 00000000 ____D C:\Windows\erdnt
2013-06-30 06:36 - 2009-07-13 22:34 - 63438848 ____A C:\Windows\System32\config\software.bak
2013-06-30 06:36 - 2009-07-13 22:34 - 43515904 ____A C:\Windows\System32\config\system.bak
2013-06-30 06:36 - 2009-07-13 22:34 - 04980736 ____A C:\Windows\System32\config\default.bak
2013-06-30 06:36 - 2009-07-13 22:34 - 00262144 ____A C:\Windows\System32\config\security.bak
2013-06-30 06:36 - 2009-07-13 22:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
2013-06-30 06:13 - 2013-06-28 03:49 - 00000000 ____D C:\Program Files (x86)\PeanutButterCup.MB
2013-06-30 06:10 - 2013-06-30 06:10 - 00712264 ____A C:\Windows\is-2G064.exe
2013-06-30 06:10 - 2013-06-30 06:10 - 00011277 ____A C:\Windows\is-2G064.msg
2013-06-30 06:10 - 2013-06-30 06:10 - 00000358 ____A C:\Windows\is-2G064.lst
2013-06-30 06:10 - 2013-06-28 03:47 - 00001055 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-30 06:09 - 2013-06-30 06:09 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-30 06:00 - 2013-06-30 06:00 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-30 06:00 - 2013-06-30 06:00 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-30 06:00 - 2013-06-30 06:00 - 00000000 ____D C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
2013-06-30 05:59 - 2013-06-30 05:59 - 00671384 ____A (SlimWare Utilities, Inc.) C:\Users\Owner\Downloads\SlimDrivers-setup.exe
2013-06-30 05:35 - 2010-12-29 14:18 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2013-06-30 05:32 - 2013-06-30 05:32 - 00002995 ____A C:\Users\Owner\Desktop\HiJackThis.lnk
2013-06-30 05:32 - 2013-06-30 05:32 - 00000000 ____D C:\Program Files (x86)\HiPanties
2013-06-28 04:36 - 2013-06-28 04:36 - 00000646 ____A C:\Users\Owner\Documents\HIjackerfiles.reg
2013-06-28 03:50 - 2013-06-24 06:57 - 00002740 ____A C:\Users\Owner\Desktop\Rkill.txt
2013-06-28 03:48 - 2013-06-28 03:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\PeanutButtercup.exe
2013-06-28 03:44 - 2013-06-28 03:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup.exe
2013-06-28 03:38 - 2013-06-28 03:36 - 00000035 ____A C:\Users\Owner\AppData\Roaming\SetValue.bat
2013-06-28 03:38 - 2013-06-28 03:35 - 00000000 ____A C:\Windows\System32\tmp.txt
2013-06-27 19:28 - 2013-06-27 19:14 - 95186888 ____A C:\Users\Owner\Downloads\vpsupd.exe
2013-06-27 19:10 - 2013-06-27 19:09 - 88785288 ____A C:\Users\Owner\Downloads\vpsupd4.exe
2013-06-27 18:56 - 2013-06-23 04:37 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-27 18:49 - 2013-06-27 18:49 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.com
2013-06-27 18:46 - 2013-06-27 18:46 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 18:46 - 2013-06-27 18:46 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 18:46 - 2013-06-27 18:46 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 18:46 - 2013-04-08 00:07 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 18:46 - 2013-04-08 00:07 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 18:46 - 2013-04-08 00:06 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 18:44 - 2013-06-17 19:53 - 00001966 ____A C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
2013-06-27 17:49 - 2011-01-05 03:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-27 17:48 - 2013-06-13 16:53 - 00119296 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-27 17:38 - 2013-06-27 11:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-27 17:38 - 2010-12-29 14:18 - 00000000 ____D C:\users\Owner
2013-06-27 17:36 - 2013-06-25 04:16 - 00000000 ____D C:\users\Guest.Owner-PC56456
2013-06-27 17:36 - 2013-06-21 06:40 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-27 17:36 - 2013-06-21 06:40 - 00000000 ____D C:\ProgramData\Application Data\Spybot - Search & Destroy
2013-06-27 17:36 - 2013-06-10 19:58 - 00000000 ___AD C:\Users\Owner\New folder
2013-06-27 17:36 - 2011-10-15 12:53 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-27 17:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-27 17:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-06-27 16:53 - 2011-08-12 00:42 - 00000000 ___AD C:\Users\Owner\AppData\Local\CrashDumps
2013-06-27 07:17 - 2013-06-27 07:17 - 01034464 ____A (Solid State Networks) C:\Users\Owner\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-06-25 21:23 - 2011-01-05 05:24 - 00000000 ___AD C:\Users\Owner\AppData\Local\Adobe
2013-06-25 14:36 - 2013-06-19 00:06 - 00000000 ____D C:\Program Files (x86)\MediaFire Express
2013-06-25 14:22 - 2013-06-24 23:41 - 00000000 ____D C:\ProgramData\Norton
2013-06-25 14:22 - 2013-06-24 23:41 - 00000000 ____D C:\ProgramData\Application Data\Norton
2013-06-25 06:39 - 2013-04-20 14:07 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-25 06:39 - 2013-04-20 14:07 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-25 04:16 - 2013-06-25 04:16 - 00000020 __ASH C:\Users\Guest.Owner-PC56456\ntuser.ini
2013-06-25 00:33 - 2013-03-10 02:32 - 00000000 ____D C:\Users\Owner\AppData\Local\Updater26278
2013-06-24 22:37 - 2013-06-24 22:37 - 00000000 ____D C:\ProgramData\Sophos
2013-06-24 22:37 - 2013-06-24 22:37 - 00000000 ____D C:\ProgramData\Application Data\Sophos
2013-06-24 22:35 - 2013-06-24 22:35 - 71612144 ____A (Sophos Limited) C:\Users\Owner\Downloads\Sophos Virus Removal Tool.exe
2013-06-24 20:39 - 2013-06-24 20:39 - 00000000 ____D C:\Program Files\DIFX
2013-06-24 20:38 - 2013-06-24 20:38 - 00000000 ____D C:\ProgramData\Leapfrog
2013-06-24 20:38 - 2013-06-24 20:38 - 00000000 ____D C:\ProgramData\Application Data\Leapfrog
2013-06-24 20:38 - 2013-06-24 20:37 - 44480392 ____A C:\Users\Owner\Downloads\LeapFrogConnectOfflineSetup_MyOwnLeaptop (1).exe
2013-06-24 15:36 - 2011-01-04 19:13 - 00118336 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-24 14:32 - 2013-06-24 14:32 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 14:29 - 2013-06-21 04:27 - 00000000 ____D C:\Program Files (x86)\DV TS
2013-06-24 14:29 - 2013-06-14 03:36 - 00000000 ____D C:\Users\Owner\Desktop\Mezzmo.2.7.1.0 Cracked
2013-06-24 14:29 - 2013-04-13 12:26 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-06-24 14:29 - 2013-04-06 05:48 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2013-06-24 14:29 - 2013-02-26 23:14 - 00000000 ____D C:\Users\Owner\.android
2013-06-24 14:29 - 2013-02-13 00:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2013-06-24 14:29 - 2011-01-05 03:35 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-06-24 14:29 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-06-24 14:29 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-06-24 14:29 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\Setup
2013-06-24 14:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\Dism
2013-06-24 14:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\com
2013-06-24 14:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\bg-BG
2013-06-24 14:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\ar-SA
2013-06-24 14:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-06-24 14:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\security
2013-06-24 14:28 - 2013-06-24 06:13 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-06-24 14:28 - 2013-06-21 20:36 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-24 14:28 - 2013-06-21 20:32 - 00000000 ___RD C:\Users\Owner\SkyDrive
2013-06-24 14:28 - 2013-06-21 20:32 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-06-24 14:28 - 2013-06-21 12:34 - 00000000 ____D C:\Users\Owner\Desktop\New folder
2013-06-24 14:28 - 2013-06-21 04:26 - 00000000 ____D C:\Users\Owner\Desktop\Aiptek-Driver_V50
2013-06-24 14:28 - 2013-06-15 09:05 - 00000000 ____D C:\Program Files (x86)\Total Video Converter
2013-06-24 14:28 - 2011-10-13 22:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-24 14:28 - 2011-10-13 22:50 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help
2013-06-24 14:22 - 2013-04-09 17:10 - 00000000 ____D C:\users\Default
2013-06-24 14:21 - 2013-04-27 23:09 - 00000000 ____D C:\Program Files\Java
2013-06-24 14:20 - 2013-06-13 16:52 - 00000000 ____D C:\Program Files (x86)\PowerUp Software
2013-06-24 14:20 - 2011-01-05 03:34 - 00000000 ___AD C:\NVIDIA
2013-06-24 14:20 - 2010-12-29 14:46 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-06-24 12:05 - 2013-06-24 12:05 - 00006258 ____A C:\Users\Owner\Documents\install.txt
2013-06-24 08:32 - 2013-02-26 08:37 - 00035328 __ASH C:\Users\Owner\Documents\Thumbs.db
2013-06-24 06:51 - 2013-06-24 06:51 - 00164694 ____A C:\Users\Owner\AppData\Local\census.cache
2013-06-24 06:51 - 2013-06-24 06:51 - 00098539 ____A C:\Users\Owner\AppData\Local\ars.cache
2013-06-24 06:44 - 2013-06-24 06:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TrojanHunter
2013-06-24 06:43 - 2013-06-24 06:43 - 00000036 ____A C:\Users\Owner\AppData\Local\housecall.guid.cache
2013-06-23 19:19 - 2013-06-25 04:16 - 00000000 ____D C:\Users\Guest.Owner-PC56456\AppData\Local\Microsoft Help
2013-06-23 19:19 - 2013-06-23 19:19 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-06-23 19:19 - 2013-06-23 19:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-06-23 17:23 - 2013-06-23 17:23 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-06-23 05:51 - 2013-06-15 14:13 - 00000000 ____D C:\users\Guest
2013-06-23 05:31 - 2013-06-23 05:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-06-23 05:28 - 2013-06-23 05:28 - 00000000 ____D C:\Program Files\Microsoft Office
2013-06-23 05:27 - 2013-06-23 05:27 - 00000000 ____D C:\MSOCache
2013-06-23 04:29 - 2013-06-23 04:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Oracle
2013-06-23 04:24 - 2013-06-23 04:24 - 00013540 ____A C:\Users\Owner\Documents\HitmanPro_20130623_0424.log
2013-06-23 04:24 - 2013-06-23 02:09 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-23 04:24 - 2013-06-23 02:09 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-06-23 03:22 - 2013-06-23 03:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-06-23 03:11 - 2013-06-23 03:11 - 00000000 ____D C:\Program Files (x86)\IObit
2013-06-23 02:40 - 2013-06-23 02:40 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-23 01:13 - 2013-06-23 01:13 - 00000000 ____D C:\Users\Owner\Documents\ProcAlyzer Dumps
2013-06-23 00:11 - 2013-06-23 00:11 - 00030121 ____A C:\Users\Owner\Downloads\Call of Duty Modern Warfare 3 (Updated) (2).pin
2013-06-22 23:51 - 2013-06-22 23:51 - 00030121 ____A C:\Users\Owner\Downloads\Call of Duty Modern Warfare 3 (Updated).pin
2013-06-22 23:51 - 2013-06-22 23:51 - 00030121 ____A C:\Users\Owner\Downloads\Call of Duty Modern Warfare 3 (Updated) (1).pin
2013-06-21 20:56 - 2013-06-21 20:31 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2013-06-21 20:37 - 2011-10-13 22:53 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-21 20:36 - 2013-06-21 20:36 - 00000000 ____D C:\Windows\PCHEALTH
2013-06-21 20:32 - 2013-06-21 20:32 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-06-21 20:32 - 2013-06-21 20:32 - 00000000 ____D C:\ProgramData\Application Data\Microsoft SkyDrive
2013-06-21 12:28 - 2013-06-21 12:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-06-21 12:28 - 2013-06-21 12:28 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA Corporation
2013-06-21 09:40 - 2013-02-06 10:41 - 00000000 ___RD C:\users\Mcx1-OWNER-PC56456
2013-06-21 02:20 - 2013-05-03 00:08 - 00000000 ___AD C:\Users\Owner\Documents\Derek's Zombies
2013-06-21 02:08 - 2013-06-10 16:52 - 00000000 ___AD C:\Users\Owner\AppData\Roaming\Media Player Classic
2013-06-21 01:32 - 2013-06-21 01:32 - 00000000 ____D C:\Program Files\SAMSUNG
2013-06-20 20:16 - 2013-06-20 20:16 - 00000000 ____D C:\Users\Owner\AppData\Local\CRE
2013-06-19 21:12 - 2013-06-19 21:12 - 00000000 ____D C:\Users\Owner\Desktop\NetworkConfiguration
2013-06-19 15:54 - 2013-06-19 15:54 - 00000508 ____A C:\Windows\DirectX.log
2013-06-19 15:44 - 2013-06-19 15:44 - 00000024 ____A C:\Users\Owner\Documents\keygen for LOTR.txt
2013-06-19 15:33 - 2013-06-19 15:33 - 00001208 ____A C:\Users\Owner\Documents\startup.txt2.txt
2013-06-19 15:33 - 2013-06-19 15:33 - 00001208 ____A C:\Users\Owner\Documents\startup.txt
2013-06-19 12:00 - 2013-04-10 12:10 - 00000524 ____A C:\Windows\Tasks\One-Click Tweak.job
2013-06-19 09:57 - 2013-06-14 04:58 - 00000043 ____A C:\Windows\MezzmoMediaServer.INI
2013-06-19 02:46 - 2013-06-19 02:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Conceiva
2013-06-19 02:41 - 2013-06-19 02:41 - 01045072 ____A (BitTorrent Inc.) C:\Users\Owner\Downloads\utorrent.exe
2013-06-19 00:38 - 2011-01-04 19:13 - 00000000 ____D C:\Users\Owner\AppData\Local\Cyberlink
2013-06-18 16:57 - 2013-06-18 16:57 - 00000000 ___AD C:\Users\Owner\Documents\Converted Vids
2013-06-17 19:53 - 2013-04-08 00:06 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-17 19:49 - 2013-03-31 13:30 - 00000000 ____D C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
2013-06-17 19:49 - 2013-03-23 22:26 - 00000000 ____D C:\Users\Owner\SecurityScans
2013-06-17 19:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2013-06-17 19:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-17 19:48 - 2013-05-16 13:57 - 00000000 ___AD C:\Users\Owner\Documents\Dolphin-3.5-win32
2013-06-17 19:48 - 2013-05-11 14:36 - 00000000 ____D C:\Users\Owner\Documents\snes9x-1.52-win32.fix4-1183
2013-06-17 19:48 - 2013-04-14 21:52 - 00000000 ____D C:\Users\Owner\Documents\My Games
2013-06-17 19:48 - 2013-03-03 04:59 - 00000000 ____D C:\Users\Owner\AppData\Local\Samsung
2013-06-17 19:48 - 2013-02-07 22:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Downloaded Installations
2013-06-17 19:48 - 2012-09-11 22:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\PowerISO
2013-06-17 19:48 - 2012-03-11 04:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\InfinaDyne
2013-06-17 19:48 - 2012-02-09 00:38 - 00000000 ___SD C:\Users\Owner\Documents\My Data Sources
2013-06-17 19:48 - 2012-01-26 16:16 - 00000000 ____D C:\Users\Owner\Documents\PeerBlock
2013-06-17 19:48 - 2011-11-22 10:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinBatch
2013-06-17 19:48 - 2011-01-30 13:50 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
2013-06-17 19:47 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2013-06-17 19:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME
2013-06-17 19:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Globalization
2013-06-17 19:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Branding
2013-06-17 19:44 - 2013-05-16 13:47 - 00000000 ____D C:\Users\Owner\Documents\Project64 2.1
2013-06-17 19:43 - 2013-06-13 16:39 - 00000000 ____D C:\Users\Owner\AppData\Local\SKIDROW
2013-06-17 19:43 - 2013-03-28 18:00 - 00000000 ____D C:\Users\Owner\AppData\Local\IsolatedStorage
2013-06-17 19:43 - 2013-02-07 00:41 - 00000000 ____D C:\Users\Owner\Documents\Fax
2013-06-17 19:43 - 2012-08-09 21:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.purple
2013-06-17 19:43 - 2011-01-05 05:22 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Games
2013-06-17 19:43 - 2010-12-29 16:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2013-06-17 19:43 - 2010-12-29 16:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2013-06-17 19:00 - 2013-06-17 19:00 - 00000000 ____D C:\Users\Owner\AppData\Local\DutchDuckIndexDat
2013-06-17 18:11 - 2013-03-10 02:44 - 00000000 ____D C:\Program Files (x86)\Pointstone
2013-06-15 06:15 - 2011-10-17 21:14 - 00227840 ____A C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-15 04:44 - 2013-05-28 07:53 - 00000000 ___AD C:\Users\Owner\Desktop\Gamecube games
2013-06-14 10:55 - 2013-03-29 03:49 - 00000000 ____D C:\Windows\Minidump
2013-06-14 04:54 - 2013-06-09 00:07 - 00000000 ____D C:\ProgramData\TVersity
2013-06-14 04:54 - 2013-06-09 00:07 - 00000000 ____D C:\ProgramData\Application Data\TVersity
2013-06-14 04:51 - 2013-06-09 00:08 - 00000000 ____A C:\Windows\SysWOW64\chrome.log
2013-06-13 16:56 - 2013-06-13 16:56 - 00000000 ___AD C:\Users\Owner\AppData\Roaming\PowerUp Software
2013-06-13 16:54 - 2013-06-13 16:54 - 00000000 ____D C:\ProgramData\PowerUp Software
2013-06-13 16:54 - 2013-06-13 16:54 - 00000000 ____D C:\ProgramData\Application Data\PowerUp Software
2013-06-13 16:53 - 2013-06-13 16:53 - 00002106 ____A C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
2013-06-13 16:46 - 2013-06-13 16:46 - 00000000 ___AD C:\Users\Owner\AppData\Local\BigHugeEngine
2013-06-13 16:37 - 2013-06-13 16:37 - 00002221 ____A C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
2013-06-13 16:31 - 2013-06-13 16:31 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-06-12 19:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 08:38 - 2010-12-29 15:34 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-10 16:44 - 2013-06-10 16:44 - 00070671 ____A C:\Users\Owner\Documents\Filing Instructions non-incarcerated applicants.txt
2013-06-08 23:51 - 2013-06-08 04:52 - 00000000 ___AD C:\Users\Owner\AppData\Local\Nero
2013-06-08 23:51 - 2013-06-08 04:50 - 00000000 ____D C:\ProgramData\Nero
2013-06-08 23:51 - 2013-06-08 04:50 - 00000000 ____D C:\ProgramData\Application Data\Nero
2013-06-08 21:46 - 2009-07-14 01:08 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-08 10:08 - 2013-06-12 20:34 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 10:07 - 2013-06-12 20:34 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 10:06 - 2013-06-12 20:34 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 10:06 - 2013-06-12 20:34 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 10:06 - 2013-06-12 20:34 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 08:28 - 2013-06-12 20:34 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 07:42 - 2013-06-12 20:34 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 07:40 - 2013-06-12 20:34 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 07:40 - 2013-06-12 20:34 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 07:40 - 2013-06-12 20:34 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 07:40 - 2013-06-12 20:34 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 07:13 - 2013-06-12 20:34 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-03 09:15 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-06-01 00:15 - 2013-03-09 23:42 - 00000042 ____A C:\Windows\SysWOW64\APCT.lie
2013-06-01 00:13 - 2013-06-01 00:13 - 00001129 ____A C:\Users\Owner\Desktop\Advanced PC Tweaker.lnk
2013-06-01 00:13 - 2013-06-01 00:13 - 00001084 ____A C:\Users\Owner\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 07:24

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2013 03
Ran by Owner at 2013-06-30 21:46:59
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.3.0.29677)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Advanced PC Tweaker v4.2 (x32 Version: 4.2)
Avast License by ZeNiX [2012-06-29] (x32)
avast! Pro Antivirus (x32 Version: 8.0.1489.0)
CCleaner (Version: 3.02)
ESET Online Scanner v3 (x32)
Google Chrome (x32 Version: 27.0.1453.116)
Google Drive (x32 Version: 1.10.4769.632)
Google Update Helper (x32 Version: 1.3.21.149)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Mezzmo (HKCU Version: 3.2.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Software Update for Web Folders (English) 14 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19)
NVIDIA 3D Vision Controller Driver 314.22 (Version: 314.22)
NVIDIA Control Panel 314.22 (Version: 314.22)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA PhysX (x32 Version: 9.12.1031)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
PowerISO (x32 Version: 4.9)
SlimDrivers (x32 Version: 2.2.30423)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
USB Flash Port Driver (x32 Version: 1.00.0000)
WinRAR 4.20 (64-bit) (Version: 4.20.0)

==================== Restore Points =========================

30-06-2013 18:17:08 Windows Update
30-06-2013 18:28:59 Removed Win7codecs.

==================== Scheduled Tasks (whitelisted) =============

Task: {02E3EFB2-0894-46FA-BF66-70E06FDEC771} - System32\Tasks\One-Click Tweak => C:\Program Files (x86)\Advanced PC Tweaker\OneClick.exe [2013-06-01] (AdvancedPCTweaker.com, Inc.)
Task: {0AC6CB41-6B1D-4389-A0AD-7E305109A0F3} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\SymErr.exe No File
Task: {0D06A13F-6319-4544-BE24-BAAFB290E145} - System32\Tasks\{518A7B68-E332-4461-BA24-DF8B6CD652FF} => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe No File
Task: {1440CE98-C63B-4B5D-B43E-33623CDC927F} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe No File
Task: {146F724E-A48E-4623-A738-6C6F57012A0C} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe No File
Task: {14D9F362-E565-4C13-A6A7-DB7C737DCD1C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2841162561-682868603-3290484309-1000
Task: {15321F7F-8915-4B59-B82A-E266027A14B6} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {2C5D7286-D566-4F1B-996D-A9965279391D} - System32\Tasks\ParetoLogic Registration3 => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {2F895D26-5746-451E-8B76-1023FC885116} - System32\Tasks\{D00015DF-35BF-48B0-B85C-2FA94822A4B5} => C:\Magic Workstation\MWSPlay.exe No File
Task: {314EE0F5-CC67-4F2A-AB6B-E2DAA11BADD3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {452DAC3B-E2B1-4963-8E11-B9D2D36F1999} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {52BE0FDB-AA18-4938-B0E6-CAFE44A3D1CD} - System32\Tasks\User_Feed_Synchronization-{1DC01F9B-BAC8-4E7C-9FD8-6299800535C1} => C:\Windows\system32\msfeedssync.exe [2013-04-21] (Microsoft Corporation)
Task: {60073288-B1CA-4774-9D76-014B99CC0825} - System32\Tasks\{F5A954DB-49EE-461A-B80F-706B099CA18A} => C:\Program Files (x86)\Conceiva\Mezzmo\Mezzmo.exe No File
Task: {6DDE9126-D22A-4399-A28E-FB1A4A1CEA3E} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe No File
Task: {7E28699C-30E5-4CA3-B1A0-96ED3ADABEE4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe No File
Task: {84D2D784-A706-443D-9439-4286E990EC95} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe No File
Task: {89F87DDE-4ACC-4F3D-A4AA-EDBE55B2DFC1} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-06-21] (SlimWare Utilities, Inc.)
Task: {9311FBD8-57D7-437D-8CA5-21B8FE8B02FB} - System32\Tasks\MyCleanPC Registry Cleaner => C:\Program Files (x86)\CyberDefender\Registry Scanner\CDregclean.exe No File
Task: {9F225FA1-E29F-4989-B4E3-13BDBAB6BB2D} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\SymErr.exe No File
Task: {A32B2E34-137B-4D25-B29F-698ED75D5535} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe No File
Task: {AAC2091A-CB4B-4D15-AB83-7FE33BB62D22} - System32\Tasks\{B36FBC2F-62BC-41CB-9EF5-D0E3BD3ED3B3} => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe No File
Task: {AE778A67-F0EC-48A7-94D4-9529063DCE8F} - System32\Tasks\{FED36781-98CE-41B5-B64C-C8F7DC9C4CB9} => C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe No File
Task: {CA787C97-C418-400F-8265-B0C8B4759DC7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe No File
Task: {CB7D2A16-30F2-49C4-AEC6-990F6836CCF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-14] (Google Inc.)
Task: {CC5EFFA7-986A-4866-918A-9B1B06A9D42C} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-OWNER-PC56456 => C:\Windows\ehome\McxTask.exe No File
Task: {E460CCC2-9B8F-481E-9C0A-68AB0166B6D8} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {F4A626A5-EE69-4CF8-8DAB-1E8C534BB848} - System32\Tasks\{DA8B4507-CBF4-437D-878A-B621E1B1FEDA} => C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe No File
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce75ef8b016100.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\One-Click Tweak.job => C:\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Windows\system32\rundll32.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{1DC01F9B-BAC8-4E7C-9FD8-6299800535C1}.job => C:\Windows\system32\msfeedssync.exe

==================== Faulty Device Manager Devices =============

Name: Xbox 360
Description: Xbox 360
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2013 07:16:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/30/2013 07:16:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/30/2013 07:16:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/30/2013 07:16:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/30/2013 07:00:10 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: The system cannot find the path specified. (0x80070003).

Error: (06/30/2013 06:26:58 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (06/30/2013 06:26:58 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (06/30/2013 06:26:58 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (06/30/2013 03:34:39 PM) (Source: Application Hang) (User: )
Description: The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f94

Start Time: 01ce75c8c16a3090

Termination Time: 16

Application Path: C:\Windows\system32\NOTEPAD.EXE

Report Id: 187cbf11-e1bc-11e2-87b6-6cf049d99d33

Error: (06/30/2013 03:14:27 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed MSXML 4.0 SP2 (KB973688); Error = 0x8007043c).


System errors:
=============
Error: (06/30/2013 07:07:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/30/2013 07:07:16 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (06/30/2013 07:07:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/30/2013 07:07:16 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (06/30/2013 07:07:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/30/2013 07:07:16 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (06/30/2013 07:07:12 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1058

Error: (06/30/2013 07:07:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/30/2013 07:07:11 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (06/30/2013 07:07:07 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (06/30/2013 07:16:56 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe

Error: (06/30/2013 07:16:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe

Error: (06/30/2013 07:16:51 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe

Error: (06/30/2013 07:16:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe

Error: (06/30/2013 07:00:10 PM) (Source: Windows Backup)(User: )
Description: The system cannot find the path specified. (0x80070003)

Error: (06/30/2013 06:26:58 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (06/30/2013 06:26:58 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (06/30/2013 06:26:58 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (06/30/2013 03:34:39 PM) (Source: Application Hang)(User: )
Description: NOTEPAD.EXE6.1.7600.16385f9401ce75c8c16a309016C:\Windows\system32\NOTEPAD.EXE187cbf11-e1bc-11e2-87b6-6cf049d99d33

Error: (06/30/2013 03:14:27 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved MSXML 4.0 SP2 (KB973688)0x8007043c


CodeIntegrity Errors:
===================================
Date: 2013-06-30 06:36:02.316
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-30 06:36:02.223
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-30 06:36:02.129
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-30 06:36:02.051
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-27 18:41:27.169
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-27 18:41:27.060
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-23 17:38:39.791
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-23 17:38:39.666
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-17 10:36:45.880
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-17 10:36:45.787
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 4094.49 MB
Available physical RAM: 2168.29 MB
Total Pagefile: 4110.49 MB
Available Pagefile: 2145.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.39 GB) (Free:728.38 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (CDROM) (Total:4.38 GB) (Free:0 GB) UDF
Drive e: (System Reserved) (Fixed) (Total:0.12 GB) (Free:0.05 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: DD2A7268)
Partition 1: (Not Active) - (Size=120 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello dmountz1983,

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next

You have the malicious site claro-search.com set as your home page on Chrome.

Go to the link below for instructions on how to change your homepage in Chrome.

http://support.googl...en&answer=95314

After that

Go to the link below and follow the instructions on how to delete cache and cookies:

https://support.goog...wer/95582?hl=en

Finally, please run Farbar Recovery Scan Tool again. Press Scan and post back the log it produces.

#5
dmountz1983

    New Member

  • Topic Starter
  • Member
  • 8 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by Owner (administrator) on 01-07-2013 01:07:46
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
(Microsoft Corporation) C:\Windows\System32\snmptrap.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
SearchScopes: HKCU - Comcast URL = http://search.comcas...q={searchTerms}
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.msn.ipl...q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: msdaipp - No CLSID Value -
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler-x32: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Raindrops) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil\1.0.0.2_0
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S4 MBAMService; C:\Program Files (x86)\PeanutButterCup.MB\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S4 Mezzmo; "C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe" /ServerName="Mezzmo" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-03-17] (EldoS Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-03-17] (EldoS Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
R1 pxrts; C:\Windows\System32\drivers\pxrts.sys [65736 2013-03-23] (Prevx)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-06-11] (support.com, Inc)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
U4 nicm;
U4 nwfilter;
U4 parvdm;
S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-30 23:27 - 2013-06-30 23:34 - 142369424 ____A C:\Users\Owner\Downloads\avast_pro_antivirus_setup.exe
2013-06-30 23:04 - 2013-06-30 23:04 - 00000000 ____D C:\Program Files\Microsoft Office
2013-06-30 22:29 - 2013-06-30 22:29 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-06-30 21:46 - 2013-06-30 21:47 - 00025088 ____A C:\Users\Owner\Desktop\Addition.txt
2013-06-30 21:46 - 2013-06-30 21:46 - 00000000 ____D C:\FRST
2013-06-30 21:45 - 2013-06-30 21:45 - 01933758 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-06-30 21:43 - 2013-06-30 21:43 - 00016108 ____A C:\Users\Owner\Desktop\download.htm
2013-06-30 20:11 - 2013-06-30 20:11 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce75ef8b016100.job
2013-06-30 20:11 - 2013-06-30 20:11 - 00000000 ____D C:\Users\Owner\AppData\LocalGoogle
2013-06-30 20:10 - 2013-06-30 20:10 - 00800192 ____A (Google Inc.) C:\Users\Owner\Downloads\googledrivesync.exe
2013-06-30 19:17 - 2013-06-30 19:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-30 19:16 - 2013-06-30 19:16 - 02347384 ____A (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
2013-06-30 19:12 - 2013-06-30 19:12 - 00063872 ____A C:\Users\Owner\Desktop\dds.txt
2013-06-30 19:12 - 2013-06-30 19:12 - 00015435 ____A C:\Users\Owner\Desktop\attach.txt
2013-06-30 19:09 - 2013-06-30 19:09 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.exe
2013-06-30 19:05 - 2013-06-30 19:06 - 00000969 ____A C:\AdwCleaner[S3].txt
2013-06-30 19:05 - 2013-06-30 19:05 - 00000910 ____A C:\AdwCleaner[R2].txt
2013-06-30 18:57 - 2013-06-30 18:58 - 00001287 ____A C:\AdwCleaner[S2].txt
2013-06-30 18:57 - 2013-06-30 18:57 - 00648201 ____A C:\Users\Owner\Desktop\adwcleaner.exe
2013-06-30 18:57 - 2013-06-30 18:57 - 00001220 ____A C:\AdwCleaner[R1].txt
2013-06-30 18:56 - 2013-06-30 18:56 - 00890988 ____A C:\Users\Owner\Desktop\SecurityCheck (1).exe
2013-06-30 18:55 - 2013-06-30 18:55 - 00890988 ____A C:\Users\Owner\Downloads\SecurityCheck.exe
2013-06-30 18:36 - 2013-06-30 18:36 - 00026046 ____A C:\ComboFix.txt
2013-06-30 18:26 - 2013-06-30 18:36 - 00000000 ____D C:\ComboFix
2013-06-30 18:26 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-30 18:26 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-30 18:26 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-30 18:26 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-30 18:26 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-30 18:26 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-30 18:26 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-30 18:26 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-30 18:25 - 2013-06-30 18:36 - 00000000 ____D C:\Qoobox
2013-06-30 18:23 - 2013-06-30 18:23 - 05084517 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2013-06-30 17:05 - 2013-06-30 17:05 - 00065232 ___AH (Malwarebytes) C:\Users\Owner\Downloads\regassassin-setup-1.03.exe
2013-06-30 17:03 - 2013-06-30 17:03 - 00584600 ____A C:\Users\Owner\Downloads\cbsidlm-tr1_13-GMER-SEO-10720107.exe
2013-06-30 17:03 - 2013-06-30 17:03 - 00000855 ____A C:\Users\Owner\Desktop\Install GMER.lnk
2013-06-30 15:24 - 2013-06-30 15:24 - 00000000 ____D C:\Program Files (x86)\ Online Backup
2013-06-30 08:41 - 2013-06-30 08:41 - 00000000 ____D C:\Users\Owner\Desktop\mbam-chameleon-1.62.1.1000
2013-06-30 08:34 - 2013-06-30 08:34 - 00007520 ____A C:\Users\Owner\Documents\cc_20130630_083400.reg
2013-06-30 08:27 - 2013-06-30 08:28 - 00000000 ____D C:\Windows\F9233F0256174BDC8EC64B798EDFE6F4.TMP
2013-06-30 06:10 - 2013-06-30 06:10 - 00712264 ____A C:\Windows\is-2G064.exe
2013-06-30 06:10 - 2013-06-30 06:10 - 00011277 ____A C:\Windows\is-2G064.msg
2013-06-30 06:10 - 2013-06-30 06:10 - 00000358 ____A C:\Windows\is-2G064.lst
2013-06-30 06:09 - 2013-06-30 06:09 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-30 06:00 - 2013-06-30 22:58 - 00000410 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-30 06:00 - 2013-06-30 06:00 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-30 06:00 - 2013-06-30 06:00 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-30 06:00 - 2013-06-30 06:00 - 00000000 ____D C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
2013-06-30 05:59 - 2013-06-30 05:59 - 00671384 ____A (SlimWare Utilities, Inc.) C:\Users\Owner\Downloads\SlimDrivers-setup.exe
2013-06-30 05:32 - 2013-06-30 05:32 - 00002995 ____A C:\Users\Owner\Desktop\HiJackThis.lnk
2013-06-30 05:32 - 2013-06-30 05:32 - 00000000 ____D C:\Program Files (x86)\HiPanties
2013-06-28 04:36 - 2013-06-28 04:36 - 00000646 ____A C:\Users\Owner\Documents\HIjackerfiles.reg
2013-06-28 03:49 - 2013-06-30 06:13 - 00000000 ____D C:\Program Files (x86)\PeanutButterCup.MB
2013-06-28 03:48 - 2013-06-28 03:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\PeanutButtercup.exe
2013-06-28 03:47 - 2013-06-30 06:10 - 00001055 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-28 03:47 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-28 03:44 - 2013-06-28 03:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup.exe
2013-06-28 03:36 - 2013-06-28 03:38 - 00000035 ____A C:\Users\Owner\AppData\Roaming\SetValue.bat
2013-06-28 03:35 - 2013-06-28 03:38 - 00000000 ____A C:\Windows\System32\tmp.txt
2013-06-28 03:34 - 2009-06-02 11:17 - 00075776 ____A C:\Windows\System32\WS2Fix.exe
2013-06-28 03:34 - 2008-12-12 02:57 - 00078336 ____A (S!Ri.URZ) C:\Windows\System32\Agent.OMZ.Fix.exe
2013-06-28 03:34 - 2008-11-29 19:58 - 00082944 ____A (S!Ri.URZ) C:\Windows\System32\IEDFix.C.exe
2013-06-28 03:34 - 2008-10-01 15:51 - 00087552 ____A (S!Ri.URZ) C:\Windows\System32\VACFix.exe
2013-06-28 03:34 - 2008-09-20 12:45 - 00080384 ____A (S!Ri.URZ) C:\Windows\System32\o4Patch.exe
2013-06-28 03:34 - 2008-08-18 12:19 - 00082432 ____A (S!Ri.URZ) C:\Windows\System32\404Fix.exe
2013-06-28 03:34 - 2008-05-18 21:40 - 00082944 ____A (S!Ri.URZ) C:\Windows\System32\IEDFix.exe
2013-06-28 03:34 - 2007-09-06 00:22 - 00289144 ____A (S!Ri) C:\Windows\System32\VCCLSID.exe
2013-06-28 03:34 - 2006-12-01 07:20 - 00079360 ____A (SteelWerX) C:\Windows\System32\swxcacls.exe
2013-06-28 03:34 - 2006-08-29 19:43 - 00135168 ____A (SteelWerX) C:\Windows\System32\swreg.exe
2013-06-28 03:34 - 2006-04-27 17:49 - 00288417 ____A (S!Ri) C:\Windows\System32\SrchSTS.exe
2013-06-28 03:34 - 2006-01-09 11:36 - 00040960 ____A C:\Windows\System32\swsc.exe
2013-06-28 03:34 - 2004-07-31 18:50 - 00051200 ____A C:\Windows\System32\dumphive.exe
2013-06-28 03:34 - 2003-06-05 21:13 - 00053248 ____A (http://www.beyondlogic.org) C:\Windows\System32\Process.exe
2013-06-27 19:14 - 2013-06-27 19:28 - 95186888 ____A C:\Users\Owner\Downloads\vpsupd.exe
2013-06-27 19:09 - 2013-06-27 19:10 - 88785288 ____A C:\Users\Owner\Downloads\vpsupd4.exe
2013-06-27 18:49 - 2013-06-27 18:49 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.com
2013-06-27 18:46 - 2013-06-27 18:46 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 18:46 - 2013-06-27 18:46 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 18:46 - 2013-06-27 18:46 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 11:39 - 2013-06-27 17:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-27 07:17 - 2013-06-27 07:17 - 01034464 ____A (Solid State Networks) C:\Users\Owner\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-06-25 11:37 - 2013-06-30 18:58 - 00665014 ____A C:\Windows\PFRO.log
2013-06-25 04:16 - 2013-06-27 17:36 - 00000000 ____D C:\users\Guest.Owner-PC56456
2013-06-25 04:16 - 2013-06-25 04:16 - 00000020 __ASH C:\Users\Guest.Owner-PC56456\ntuser.ini
2013-06-25 04:16 - 2013-06-23 19:19 - 00000000 ____D C:\Users\Guest.Owner-PC56456\AppData\Local\Microsoft Help
2013-06-24 23:41 - 2013-06-25 14:22 - 00000000 ____D C:\ProgramData\Norton
2013-06-24 23:41 - 2013-06-25 14:22 - 00000000 ____D C:\ProgramData\Application Data\Norton
2013-06-24 22:37 - 2013-06-24 22:37 - 00000000 ____D C:\ProgramData\Sophos
2013-06-24 22:37 - 2013-06-24 22:37 - 00000000 ____D C:\ProgramData\Application Data\Sophos
2013-06-24 22:35 - 2013-06-24 22:35 - 71612144 ____A (Sophos Limited) C:\Users\Owner\Downloads\Sophos Virus Removal Tool.exe
2013-06-24 20:39 - 2013-06-30 15:12 - 00009020 ____A C:\Windows\DPINST.LOG
2013-06-24 20:39 - 2013-06-24 20:39 - 00000000 ____D C:\Program Files\DIFX
2013-06-24 20:38 - 2013-06-30 08:28 - 00000000 ____D C:\Program Files (x86)\LeapFrog
2013-06-24 20:38 - 2013-06-24 20:38 - 00000000 ____D C:\ProgramData\Leapfrog
2013-06-24 20:38 - 2013-06-24 20:38 - 00000000 ____D C:\ProgramData\Application Data\Leapfrog
2013-06-24 20:37 - 2013-06-24 20:38 - 44480392 ____A C:\Users\Owner\Downloads\LeapFrogConnectOfflineSetup_MyOwnLeaptop (1).exe
2013-06-24 14:32 - 2013-06-30 19:07 - 00003985 ____A C:\Windows\setupact.log
2013-06-24 14:32 - 2013-06-24 14:32 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 12:05 - 2013-06-24 12:05 - 00006258 ____A C:\Users\Owner\Documents\install.txt
2013-06-24 06:57 - 2013-06-28 03:50 - 00002740 ____A C:\Users\Owner\Desktop\Rkill.txt
2013-06-24 06:51 - 2013-06-24 06:51 - 00164694 ____A C:\Users\Owner\AppData\Local\census.cache
2013-06-24 06:51 - 2013-06-24 06:51 - 00098539 ____A C:\Users\Owner\AppData\Local\ars.cache
2013-06-24 06:44 - 2013-06-24 06:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TrojanHunter
2013-06-24 06:43 - 2013-06-24 06:43 - 00000036 ____A C:\Users\Owner\AppData\Local\housecall.guid.cache
2013-06-24 06:13 - 2013-06-24 14:28 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-06-23 19:19 - 2013-06-23 19:19 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-06-23 19:19 - 2013-06-23 19:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-06-23 17:23 - 2013-06-23 17:23 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-06-23 05:27 - 2013-06-23 05:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-06-23 05:27 - 2013-06-23 05:27 - 00000000 __RHD C:\MSOCache
2013-06-23 04:37 - 2013-06-27 18:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-23 04:29 - 2013-06-23 04:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Oracle
2013-06-23 04:24 - 2013-06-23 04:24 - 00013540 ____A C:\Users\Owner\Documents\HitmanPro_20130623_0424.log
2013-06-23 03:22 - 2013-06-23 03:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-06-23 03:11 - 2013-06-23 03:11 - 00000000 ____D C:\Program Files (x86)\IObit
2013-06-23 02:09 - 2013-06-23 04:24 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-23 02:09 - 2013-06-23 04:24 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-06-23 01:13 - 2013-06-23 01:13 - 00000000 ____D C:\Users\Owner\Documents\ProcAlyzer Dumps
2013-06-23 00:11 - 2013-06-23 00:11 - 00030121 ____A C:\Users\Owner\Downloads\Call of Duty Modern Warfare 3 (Updated) (2).pin
2013-06-22 23:51 - 2013-06-22 23:51 - 00030121 ____A C:\Users\Owner\Downloads\Call of Duty Modern Warfare 3 (Updated).pin
2013-06-22 23:51 - 2013-06-22 23:51 - 00030121 ____A C:\Users\Owner\Downloads\Call of Duty Modern Warfare 3 (Updated) (1).pin
2013-06-21 20:36 - 2013-06-24 14:28 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-21 20:36 - 2013-06-21 20:36 - 00000000 ____D C:\Windows\PCHEALTH
2013-06-21 20:32 - 2013-06-24 14:28 - 00000000 ___RD C:\Users\Owner\SkyDrive
2013-06-21 20:32 - 2013-06-24 14:28 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-06-21 20:32 - 2013-06-21 20:32 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-06-21 20:32 - 2013-06-21 20:32 - 00000000 ____D C:\ProgramData\Application Data\Microsoft SkyDrive
2013-06-21 20:31 - 2013-06-21 20:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2013-06-21 12:34 - 2013-06-24 14:28 - 00000000 ____D C:\Users\Owner\Desktop\New folder
2013-06-21 12:28 - 2013-06-21 12:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-06-21 12:28 - 2013-06-21 12:28 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA Corporation
2013-06-21 06:40 - 2013-06-27 17:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-21 06:40 - 2013-06-27 17:36 - 00000000 ____D C:\ProgramData\Application Data\Spybot - Search & Destroy
2013-06-21 04:27 - 2013-06-24 14:29 - 00000000 ____D C:\Program Files (x86)\DV TS
2013-06-21 04:26 - 2013-06-24 14:28 - 00000000 ____D C:\Users\Owner\Desktop\Aiptek-Driver_V50
2013-06-21 01:32 - 2013-06-21 01:32 - 00000000 ____D C:\Program Files\SAMSUNG
2013-06-20 20:16 - 2013-06-20 20:16 - 00000000 ____D C:\Users\Owner\AppData\Local\CRE
2013-06-19 21:12 - 2013-06-19 21:12 - 00000000 ____D C:\Users\Owner\Desktop\NetworkConfiguration
2013-06-19 15:54 - 2013-06-19 15:54 - 00000508 ____A C:\Windows\DirectX.log
2013-06-19 15:50 - 2013-06-30 14:35 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-06-19 15:44 - 2013-06-19 15:44 - 00000024 ____A C:\Users\Owner\Documents\keygen for LOTR.txt
2013-06-19 15:33 - 2013-06-19 15:33 - 00001208 ____A C:\Users\Owner\Documents\startup.txt2.txt
2013-06-19 15:33 - 2013-06-19 15:33 - 00001208 ____A C:\Users\Owner\Documents\startup.txt
2013-06-19 02:46 - 2013-06-19 02:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Conceiva
2013-06-19 02:41 - 2013-06-19 02:41 - 01045072 ____A (BitTorrent Inc.) C:\Users\Owner\Downloads\utorrent.exe
2013-06-19 00:06 - 2013-06-25 14:36 - 00000000 ____D C:\Program Files (x86)\MediaFire Express
2013-06-18 16:57 - 2013-06-18 16:57 - 00000000 ___AD C:\Users\Owner\Documents\Converted Vids
2013-06-17 19:53 - 2013-06-27 18:44 - 00001966 ____A C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
2013-06-17 19:00 - 2013-06-17 19:00 - 00000000 ____D C:\Users\Owner\AppData\Local\DutchDuckIndexDat
2013-06-15 14:13 - 2013-06-23 05:51 - 00000000 ____D C:\users\Guest
2013-06-15 09:05 - 2013-06-24 14:28 - 00000000 ____D C:\Program Files (x86)\Total Video Converter
2013-06-14 04:58 - 2013-06-19 09:57 - 00000043 ____A C:\Windows\MezzmoMediaServer.INI
2013-06-14 03:36 - 2013-06-24 14:29 - 00000000 ____D C:\Users\Owner\Desktop\Mezzmo.2.7.1.0 Cracked
2013-06-13 16:56 - 2013-06-13 16:56 - 00000000 ___AD C:\Users\Owner\AppData\Roaming\PowerUp Software
2013-06-13 16:54 - 2013-06-13 16:54 - 00000000 ____D C:\ProgramData\PowerUp Software
2013-06-13 16:54 - 2013-06-13 16:54 - 00000000 ____D C:\ProgramData\Application Data\PowerUp Software
2013-06-13 16:53 - 2013-06-27 17:48 - 00119296 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-13 16:53 - 2013-06-13 16:53 - 00002106 ____A C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
2013-06-13 16:53 - 2009-07-13 21:16 - 00021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vers9203.rra
2013-06-13 16:53 - 2009-07-13 21:16 - 00015360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wsoc928f.rra
2013-06-13 16:53 - 2009-07-13 21:16 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shfo9176.rra
2013-06-13 16:53 - 2009-07-13 21:14 - 00126464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advp9109.rra
2013-06-13 16:53 - 2008-04-13 20:11 - 00619008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dx7vb.dll
2013-06-13 16:53 - 2008-01-13 20:59 - 00036864 ____A C:\Windows\SysWOW64\dxinputdll.dll
2013-06-13 16:53 - 2008-01-13 17:36 - 00091632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dsofile.dll
2013-06-13 16:53 - 2004-03-09 19:45 - 00212240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2013-06-13 16:53 - 2003-01-26 14:41 - 00040960 ____A (vbAccelerator) C:\Windows\SysWOW64\SSubTmr6.dll
2013-06-13 16:53 - 2002-08-09 12:18 - 00045056 ____N (Microsoft) C:\Windows\SysWOW64\NTSVC.ocx
2013-06-13 16:53 - 2001-04-05 07:43 - 00094208 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\msstkprp.dll
2013-06-13 16:53 - 2000-12-06 03:00 - 00109248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mswinsck.ocx
2013-06-13 16:53 - 2000-04-03 21:52 - 00164144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2013-06-13 16:53 - 1999-05-17 14:55 - 00057344 ____N () C:\Windows\SysWOW64\ADsSecurity.dll
2013-06-13 16:53 - 1998-06-18 01:00 - 00089360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2013-06-13 16:52 - 2013-06-24 14:20 - 00000000 ____D C:\Program Files (x86)\PowerUp Software
2013-06-13 16:46 - 2013-06-13 16:46 - 00000000 ___AD C:\Users\Owner\AppData\Local\BigHugeEngine
2013-06-13 16:39 - 2013-06-17 19:43 - 00000000 ____D C:\Users\Owner\AppData\Local\SKIDROW
2013-06-13 16:37 - 2013-06-13 16:37 - 00002221 ____A C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
2013-06-13 16:31 - 2013-06-13 16:31 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-06-12 20:34 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 20:34 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 20:34 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 20:34 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 20:34 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 20:34 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 20:34 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 20:34 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 20:34 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 20:34 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 20:34 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 20:34 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 08:37 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 08:37 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 08:37 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 08:37 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 08:37 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 08:37 - 2013-05-16 20:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 08:37 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 08:37 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 08:37 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 08:37 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 08:37 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 08:37 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 08:37 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 08:06 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:06 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:06 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 08:05 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:05 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:05 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:05 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:05 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 08:05 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 08:05 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 08:05 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:05 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 08:05 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 08:05 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 08:05 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 08:05 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 08:05 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 08:05 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 08:05 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-10 19:58 - 2013-06-27 17:36 - 00000000 ___AD C:\Users\Owner\New folder
2013-06-10 16:52 - 2013-06-21 02:08 - 00000000 ___AD C:\Users\Owner\AppData\Roaming\Media Player Classic
2013-06-10 16:44 - 2013-06-10 16:44 - 00070671 ____A C:\Users\Owner\Documents\Filing Instructions non-incarcerated applicants.txt
2013-06-09 00:08 - 2013-06-14 04:51 - 00000000 ____A C:\Windows\SysWOW64\chrome.log
2013-06-09 00:07 - 2013-06-14 04:54 - 00000000 ____D C:\ProgramData\TVersity
2013-06-09 00:07 - 2013-06-14 04:54 - 00000000 ____D C:\ProgramData\Application Data\TVersity
2013-06-08 04:52 - 2013-06-08 23:51 - 00000000 ___AD C:\Users\Owner\AppData\Local\Nero
2013-06-08 04:50 - 2013-06-08 23:51 - 00000000 ____D C:\ProgramData\Nero
2013-06-08 04:50 - 2013-06-08 23:51 - 00000000 ____D C:\ProgramData\Application Data\Nero
2013-06-01 00:13 - 2013-06-01 00:13 - 00001129 ____A C:\Users\Owner\Desktop\Advanced PC Tweaker.lnk
2013-06-01 00:13 - 2013-06-01 00:13 - 00001084 ____A C:\Users\Owner\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk

==================== One Month Modified Files and Folders =======

2013-07-01 01:06 - 2013-04-14 02:55 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 00:31 - 2011-01-04 19:13 - 00120400 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-30 23:34 - 2013-06-30 23:27 - 142369424 ____A C:\Users\Owner\Downloads\avast_pro_antivirus_setup.exe
2013-06-30 23:11 - 2011-10-13 22:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-30 23:11 - 2011-10-13 22:50 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help
2013-06-30 23:08 - 2009-07-14 03:45 - 00000000 ____D C:\Windows\ShellNew
2013-06-30 23:08 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-06-30 23:04 - 2013-06-30 23:04 - 00000000 ____D C:\Program Files\Microsoft Office
2013-06-30 23:04 - 2009-07-13 22:34 - 00000510 ____A C:\Windows\win.ini
2013-06-30 22:58 - 2013-06-30 06:00 - 00000410 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-30 22:56 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-06-30 22:56 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-30 22:29 - 2013-06-30 22:29 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-06-30 21:47 - 2013-06-30 21:46 - 00025088 ____A C:\Users\Owner\Desktop\Addition.txt
2013-06-30 21:46 - 2013-06-30 21:46 - 00000000 ____D C:\FRST
2013-06-30 21:45 - 2013-06-30 21:45 - 01933758 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-06-30 21:43 - 2013-06-30 21:43 - 00016108 ____A C:\Users\Owner\Desktop\download.htm
2013-06-30 21:41 - 2013-04-02 05:07 - 00000000 ____D C:\Program Files (x86)\Advanced PC Tweaker
2013-06-30 20:11 - 2013-06-30 20:11 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce75ef8b016100.job
2013-06-30 20:11 - 2013-06-30 20:11 - 00000000 ____D C:\Users\Owner\AppData\LocalGoogle
2013-06-30 20:11 - 2013-04-14 02:55 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-30 20:11 - 2010-12-29 15:06 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-06-30 20:10 - 2013-06-30 20:10 - 00800192 ____A (Google Inc.) C:\Users\Owner\Downloads\googledrivesync.exe
2013-06-30 19:17 - 2013-06-30 19:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-30 19:16 - 2013-06-30 19:16 - 02347384 ____A (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
2013-06-30 19:14 - 2009-07-14 00:45 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 19:14 - 2009-07-14 00:45 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 19:12 - 2013-06-30 19:12 - 00063872 ____A C:\Users\Owner\Desktop\dds.txt
2013-06-30 19:12 - 2013-06-30 19:12 - 00015435 ____A C:\Users\Owner\Desktop\attach.txt
2013-06-30 19:11 - 2013-04-06 18:54 - 01277654 ____A C:\Windows\WindowsUpdate.log
2013-06-30 19:09 - 2013-06-30 19:09 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.exe
2013-06-30 19:07 - 2013-06-24 14:32 - 00003985 ____A C:\Windows\setupact.log
2013-06-30 19:07 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 19:06 - 2013-06-30 19:05 - 00000969 ____A C:\AdwCleaner[S3].txt
2013-06-30 19:05 - 2013-06-30 19:05 - 00000910 ____A C:\AdwCleaner[R2].txt
2013-06-30 18:58 - 2013-06-30 18:57 - 00001287 ____A C:\AdwCleaner[S2].txt
2013-06-30 18:58 - 2013-06-25 11:37 - 00665014 ____A C:\Windows\PFRO.log
2013-06-30 18:57 - 2013-06-30 18:57 - 00648201 ____A C:\Users\Owner\Desktop\adwcleaner.exe
2013-06-30 18:57 - 2013-06-30 18:57 - 00001220 ____A C:\AdwCleaner[R1].txt
2013-06-30 18:56 - 2013-06-30 18:56 - 00890988 ____A C:\Users\Owner\Desktop\SecurityCheck (1).exe
2013-06-30 18:55 - 2013-06-30 18:55 - 00890988 ____A C:\Users\Owner\Downloads\SecurityCheck.exe
2013-06-30 18:36 - 2013-06-30 18:36 - 00026046 ____A C:\ComboFix.txt
2013-06-30 18:36 - 2013-06-30 18:26 - 00000000 ____D C:\ComboFix
2013-06-30 18:36 - 2013-06-30 18:25 - 00000000 ____D C:\Qoobox
2013-06-30 18:34 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2013-06-30 18:23 - 2013-06-30 18:23 - 05084517 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2013-06-30 18:00 - 2012-07-20 02:27 - 00000468 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2013-06-30 17:05 - 2013-06-30 17:05 - 00065232 ___AH (Malwarebytes) C:\Users\Owner\Downloads\regassassin-setup-1.03.exe
2013-06-30 17:03 - 2013-06-30 17:03 - 00584600 ____A C:\Users\Owner\Downloads\cbsidlm-tr1_13-GMER-SEO-10720107.exe
2013-06-30 17:03 - 2013-06-30 17:03 - 00000855 ____A C:\Users\Owner\Desktop\Install GMER.lnk
2013-06-30 15:28 - 2013-03-29 19:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-30 15:28 - 2013-03-29 19:52 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA
2013-06-30 15:24 - 2013-06-30 15:24 - 00000000 ____D C:\Program Files (x86)\ Online Backup
2013-06-30 15:12 - 2013-06-24 20:39 - 00009020 ____A C:\Windows\DPINST.LOG
2013-06-30 14:35 - 2013-06-19 15:50 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-06-30 14:29 - 2013-03-22 02:25 - 00000000 ____D C:\Program Files (x86)\Win7codecs
2013-06-30 14:29 - 2013-03-22 02:23 - 00000000 ____D C:\ProgramData\Win7codecs
2013-06-30 14:29 - 2013-03-22 02:23 - 00000000 ____D C:\ProgramData\Application Data\Win7codecs
2013-06-30 13:39 - 2009-07-14 01:13 - 00007322 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-30 08:41 - 2013-06-30 08:41 - 00000000 ____D C:\Users\Owner\Desktop\mbam-chameleon-1.62.1.1000
2013-06-30 08:34 - 2013-06-30 08:34 - 00007520 ____A C:\Users\Owner\Documents\cc_20130630_083400.reg
2013-06-30 08:28 - 2013-06-30 08:27 - 00000000 ____D C:\Windows\F9233F0256174BDC8EC64B798EDFE6F4.TMP
2013-06-30 08:28 - 2013-06-24 20:38 - 00000000 ____D C:\Program Files (x86)\LeapFrog
2013-06-30 06:36 - 2013-04-03 11:28 - 00000000 ____D C:\Windows\erdnt
2013-06-30 06:36 - 2009-07-13 22:34 - 63438848 ____A C:\Windows\System32\config\software.bak
2013-06-30 06:36 - 2009-07-13 22:34 - 43515904 ____A C:\Windows\System32\config\system.bak
2013-06-30 06:36 - 2009-07-13 22:34 - 04980736 ____A C:\Windows\System32\config\default.bak
2013-06-30 06:36 - 2009-07-13 22:34 - 00262144 ____A C:\Windows\System32\config\security.bak
2013-06-30 06:36 - 2009-07-13 22:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
2013-06-30 06:13 - 2013-06-28 03:49 - 00000000 ____D C:\Program Files (x86)\PeanutButterCup.MB
2013-06-30 06:10 - 2013-06-30 06:10 - 00712264 ____A C:\Windows\is-2G064.exe
2013-06-30 06:10 - 2013-06-30 06:10 - 00011277 ____A C:\Windows\is-2G064.msg
2013-06-30 06:10 - 2013-06-30 06:10 - 00000358 ____A C:\Windows\is-2G064.lst
2013-06-30 06:10 - 2013-06-28 03:47 - 00001055 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-30 06:09 - 2013-06-30 06:09 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-30 06:00 - 2013-06-30 06:00 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-30 06:00 - 2013-06-30 06:00 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-30 06:00 - 2013-06-30 06:00 - 00000000 ____D C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
2013-06-30 05:59 - 2013-06-30 05:59 - 00671384 ____A (SlimWare Utilities, Inc.) C:\Users\Owner\Downloads\SlimDrivers-setup.exe
2013-06-30 05:35 - 2010-12-29 14:18 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2013-06-30 05:32 - 2013-06-30 05:32 - 00002995 ____A C:\Users\Owner\Desktop\HiJackThis.lnk
2013-06-30 05:32 - 2013-06-30 05:32 - 00000000 ____D C:\Program Files (x86)\HiPanties
2013-06-28 04:36 - 2013-06-28 04:36 - 00000646 ____A C:\Users\Owner\Documents\HIjackerfiles.reg
2013-06-28 03:50 - 2013-06-24 06:57 - 00002740 ____A C:\Users\Owner\Desktop\Rkill.txt
2013-06-28 03:48 - 2013-06-28 03:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\PeanutButtercup.exe
2013-06-28 03:44 - 2013-06-28 03:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup.exe
2013-06-28 03:38 - 2013-06-28 03:36 - 00000035 ____A C:\Users\Owner\AppData\Roaming\SetValue.bat
2013-06-28 03:38 - 2013-06-28 03:35 - 00000000 ____A C:\Windows\System32\tmp.txt
2013-06-27 19:28 - 2013-06-27 19:14 - 95186888 ____A C:\Users\Owner\Downloads\vpsupd.exe
2013-06-27 19:10 - 2013-06-27 19:09 - 88785288 ____A C:\Users\Owner\Downloads\vpsupd4.exe
2013-06-27 18:56 - 2013-06-23 04:37 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-27 18:49 - 2013-06-27 18:49 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.com
2013-06-27 18:46 - 2013-06-27 18:46 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 18:46 - 2013-06-27 18:46 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 18:46 - 2013-06-27 18:46 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 18:46 - 2013-04-08 00:07 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 18:46 - 2013-04-08 00:07 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 18:46 - 2013-04-08 00:06 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 18:44 - 2013-06-17 19:53 - 00001966 ____A C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
2013-06-27 17:49 - 2011-01-05 03:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-27 17:48 - 2013-06-13 16:53 - 00119296 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-27 17:38 - 2013-06-27 11:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-27 17:38 - 2010-12-29 14:18 - 00000000 ____D C:\users\Owner
2013-06-27 17:36 - 2013-06-25 04:16 - 00000000 ____D C:\users\Guest.Owner-PC56456
2013-06-27 17:36 - 2013-06-21 06:40 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-27 17:36 - 2013-06-21 06:40 - 00000000 ____D C:\ProgramData\Application Data\Spybot - Search & Destroy
2013-06-27 17:36 - 2013-06-10 19:58 - 00000000 ___AD C:\Users\Owner\New folder
2013-06-27 17:36 - 2011-10-15 12:53 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-27 17:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-27 17:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-06-27 16:53 - 2011-08-12 00:42 - 00000000 ___AD C:\Users\Owner\AppData\Local\CrashDumps
2013-06-27 07:17 - 2013-06-27 07:17 - 01034464 ____A (Solid State Networks) C:\Users\Owner\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-06-25 21:23 - 2011-01-05 05:24 - 00000000 ___AD C:\Users\Owner\AppData\Local\Adobe
2013-06-25 14:36 - 2013-06-19 00:06 - 00000000 ____D C:\Program Files (x86)\MediaFire Express
2013-06-25 14:22 - 2013-06-24 23:41 - 00000000 ____D C:\ProgramData\Norton
2013-06-25 14:22 - 2013-06-24 23:41 - 00000000 ____D C:\ProgramData\Application Data\Norton
2013-06-25 06:39 - 2013-04-20 14:07 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-25 06:39 - 2013-04-20 14:07 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-25 04:16 - 2013-06-25 04:16 - 00000020 __ASH C:\Users\Guest.Owner-PC56456\ntuser.ini
2013-06-25 00:33 - 2013-03-10 02:32 - 00000000 ____D C:\Users\Owner\AppData\Local\Updater26278
2013-06-24 22:37 - 2013-06-24 22:37 - 00000000 ____D C:\ProgramData\Sophos
2013-06-24 22:37 - 2013-06-24 22:37 - 00000000 ____D C:\ProgramData\Application Data\Sophos
2013-06-24 22:35 - 2013-06-24 22:35 - 71612144 ____A (Sophos Limited) C:\Users\Owner\Downloads\Sophos Virus Removal Tool.exe
2013-06-24 20:39 - 2013-06-24 20:39 - 00000000 ____D C:\Program Files\DIFX
2013-06-24 20:38 - 2013-06-24 20:38 - 00000000 ____D C:\ProgramData\Leapfrog
2013-06-24 20:38 - 2013-06-24 20:38 - 00000000 ____D C:\ProgramData\Application Data\Leapfrog
2013-06-24 20:38 - 2013-06-24 20:37 - 44480392 ____A C:\Users\Owner\Downloads\LeapFrogConnectOfflineSetup_MyOwnLeaptop (1).exe
2013-06-24 14:32 - 2013-06-24 14:32 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 14:29 - 2013-06-21 04:27 - 00000000 ____D C:\Program Files (x86)\DV TS
2013-06-24 14:29 - 2013-06-14 03:36 - 00000000 ____D C:\Users\Owner\Desktop\Mezzmo.2.7.1.0 Cracked
2013-06-24 14:29 - 2013-04-13 12:26 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-06-24 14:29 - 2013-04-06 05:48 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2013-06-24 14:29 - 2013-02-26 23:14 - 00000000 ____D C:\Users\Owner\.android
2013-06-24 14:29 - 2013-02-13 00:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2013-06-24 14:29 - 2011-01-05 03:35 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-06-24 14:29 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-06-24 14:29 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-06-24 14:29 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\Setup
2013-06-24 14:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\Dism
2013-06-24 14:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\com
2013-06-24 14:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\bg-BG
2013-06-24 14:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\ar-SA
2013-06-24 14:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-06-24 14:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\security
2013-06-24 14:28 - 2013-06-24 06:13 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-06-24 14:28 - 2013-06-21 20:36 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-24 14:28 - 2013-06-21 20:32 - 00000000 ___RD C:\Users\Owner\SkyDrive
2013-06-24 14:28 - 2013-06-21 20:32 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-06-24 14:28 - 2013-06-21 12:34 - 00000000 ____D C:\Users\Owner\Desktop\New folder
2013-06-24 14:28 - 2013-06-21 04:26 - 00000000 ____D C:\Users\Owner\Desktop\Aiptek-Driver_V50
2013-06-24 14:28 - 2013-06-15 09:05 - 00000000 ____D C:\Program Files (x86)\Total Video Converter
2013-06-24 14:22 - 2013-04-09 17:10 - 00000000 ____D C:\users\Default
2013-06-24 14:21 - 2013-04-27 23:09 - 00000000 ____D C:\Program Files\Java
2013-06-24 14:20 - 2013-06-13 16:52 - 00000000 ____D C:\Program Files (x86)\PowerUp Software
2013-06-24 14:20 - 2011-01-05 03:34 - 00000000 ___AD C:\NVIDIA
2013-06-24 14:20 - 2010-12-29 14:46 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-06-24 12:05 - 2013-06-24 12:05 - 00006258 ____A C:\Users\Owner\Documents\install.txt
2013-06-24 08:32 - 2013-02-26 08:37 - 00035328 __ASH C:\Users\Owner\Documents\Thumbs.db
2013-06-24 06:51 - 2013-06-24 06:51 - 00164694 ____A C:\Users\Owner\AppData\Local\census.cache
2013-06-24 06:51 - 2013-06-24 06:51 - 00098539 ____A C:\Users\Owner\AppData\Local\ars.cache
2013-06-24 06:44 - 2013-06-24 06:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TrojanHunter
2013-06-24 06:43 - 2013-06-24 06:43 - 00000036 ____A C:\Users\Owner\AppData\Local\housecall.guid.cache
2013-06-23 19:19 - 2013-06-25 04:16 - 00000000 ____D C:\Users\Guest.Owner-PC56456\AppData\Local\Microsoft Help
2013-06-23 19:19 - 2013-06-23 19:19 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-06-23 19:19 - 2013-06-23 19:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-06-23 17:23 - 2013-06-23 17:23 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-06-23 05:51 - 2013-06-15 14:13 - 00000000 ____D C:\users\Guest
2013-06-23 05:31 - 2013-06-23 05:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-06-23 05:27 - 2013-06-23 05:27 - 00000000 __RHD C:\MSOCache
2013-06-23 04:29 - 2013-06-23 04:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Oracle
2013-06-23 04:24 - 2013-06-23 04:24 - 00013540 ____A C:\Users\Owner\Documents\HitmanPro_20130623_0424.log
2013-06-23 04:24 - 2013-06-23 02:09 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-23 04:24 - 2013-06-23 02:09 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-06-23 03:22 - 2013-06-23 03:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-06-23 03:11 - 2013-06-23 03:11 - 00000000 ____D C:\Program Files (x86)\IObit
2013-06-23 01:13 - 2013-06-23 01:13 - 00000000 ____D C:\Users\Owner\Documents\ProcAlyzer Dumps
2013-06-23 00:11 - 2013-06-23 00:11 - 00030121 ____A C:\Users\Owner\Downloads\Call of Duty Modern Warfare 3 (Updated) (2).pin
2013-06-22 23:51 - 2013-06-22 23:51 - 00030121 ____A C:\Users\Owner\Downloads\Call of Duty Modern Warfare 3 (Updated).pin
2013-06-22 23:51 - 2013-06-22 23:51 - 00030121 ____A C:\Users\Owner\Downloads\Call of Duty Modern Warfare 3 (Updated) (1).pin
2013-06-21 20:56 - 2013-06-21 20:31 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2013-06-21 20:37 - 2011-10-13 22:53 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-21 20:36 - 2013-06-21 20:36 - 00000000 ____D C:\Windows\PCHEALTH
2013-06-21 20:32 - 2013-06-21 20:32 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-06-21 20:32 - 2013-06-21 20:32 - 00000000 ____D C:\ProgramData\Application Data\Microsoft SkyDrive
2013-06-21 12:28 - 2013-06-21 12:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-06-21 12:28 - 2013-06-21 12:28 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA Corporation
2013-06-21 09:40 - 2013-02-06 10:41 - 00000000 ___RD C:\users\Mcx1-OWNER-PC56456
2013-06-21 02:20 - 2013-05-03 00:08 - 00000000 ___AD C:\Users\Owner\Documents\Derek's Zombies
2013-06-21 02:08 - 2013-06-10 16:52 - 00000000 ___AD C:\Users\Owner\AppData\Roaming\Media Player Classic
2013-06-21 01:32 - 2013-06-21 01:32 - 00000000 ____D C:\Program Files\SAMSUNG
2013-06-20 20:16 - 2013-06-20 20:16 - 00000000 ____D C:\Users\Owner\AppData\Local\CRE
2013-06-19 21:12 - 2013-06-19 21:12 - 00000000 ____D C:\Users\Owner\Desktop\NetworkConfiguration
2013-06-19 15:54 - 2013-06-19 15:54 - 00000508 ____A C:\Windows\DirectX.log
2013-06-19 15:44 - 2013-06-19 15:44 - 00000024 ____A C:\Users\Owner\Documents\keygen for LOTR.txt
2013-06-19 15:33 - 2013-06-19 15:33 - 00001208 ____A C:\Users\Owner\Documents\startup.txt2.txt
2013-06-19 15:33 - 2013-06-19 15:33 - 00001208 ____A C:\Users\Owner\Documents\startup.txt
2013-06-19 12:00 - 2013-04-10 12:10 - 00000524 ____A C:\Windows\Tasks\One-Click Tweak.job
2013-06-19 09:57 - 2013-06-14 04:58 - 00000043 ____A C:\Windows\MezzmoMediaServer.INI
2013-06-19 02:46 - 2013-06-19 02:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Conceiva
2013-06-19 02:41 - 2013-06-19 02:41 - 01045072 ____A (BitTorrent Inc.) C:\Users\Owner\Downloads\utorrent.exe
2013-06-19 00:38 - 2011-01-04 19:13 - 00000000 ____D C:\Users\Owner\AppData\Local\Cyberlink
2013-06-18 16:57 - 2013-06-18 16:57 - 00000000 ___AD C:\Users\Owner\Documents\Converted Vids
2013-06-17 19:53 - 2013-04-08 00:06 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-17 19:49 - 2013-03-31 13:30 - 00000000 ____D C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
2013-06-17 19:49 - 2013-03-23 22:26 - 00000000 ____D C:\Users\Owner\SecurityScans
2013-06-17 19:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2013-06-17 19:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-17 19:48 - 2013-05-16 13:57 - 00000000 ___AD C:\Users\Owner\Documents\Dolphin-3.5-win32
2013-06-17 19:48 - 2013-05-11 14:36 - 00000000 ____D C:\Users\Owner\Documents\snes9x-1.52-win32.fix4-1183
2013-06-17 19:48 - 2013-04-14 21:52 - 00000000 ____D C:\Users\Owner\Documents\My Games
2013-06-17 19:48 - 2013-03-03 04:59 - 00000000 ____D C:\Users\Owner\AppData\Local\Samsung
2013-06-17 19:48 - 2013-02-07 22:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Downloaded Installations
2013-06-17 19:48 - 2012-09-11 22:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\PowerISO
2013-06-17 19:48 - 2012-03-11 04:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\InfinaDyne
2013-06-17 19:48 - 2012-02-09 00:38 - 00000000 ___SD C:\Users\Owner\Documents\My Data Sources
2013-06-17 19:48 - 2011-11-22 10:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinBatch
2013-06-17 19:48 - 2011-01-30 13:50 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
2013-06-17 19:47 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2013-06-17 19:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME
2013-06-17 19:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Globalization
2013-06-17 19:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Branding
2013-06-17 19:44 - 2013-05-16 13:47 - 00000000 ____D C:\Users\Owner\Documents\Project64 2.1
2013-06-17 19:43 - 2013-06-13 16:39 - 00000000 ____D C:\Users\Owner\AppData\Local\SKIDROW
2013-06-17 19:43 - 2013-03-28 18:00 - 00000000 ____D C:\Users\Owner\AppData\Local\IsolatedStorage
2013-06-17 19:43 - 2013-02-07 00:41 - 00000000 ____D C:\Users\Owner\Documents\Fax
2013-06-17 19:43 - 2012-08-09 21:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.purple
2013-06-17 19:43 - 2011-01-05 05:22 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Games
2013-06-17 19:43 - 2010-12-29 16:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2013-06-17 19:43 - 2010-12-29 16:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2013-06-17 19:00 - 2013-06-17 19:00 - 00000000 ____D C:\Users\Owner\AppData\Local\DutchDuckIndexDat
2013-06-17 18:11 - 2013-03-10 02:44 - 00000000 ____D C:\Program Files (x86)\Pointstone
2013-06-15 06:15 - 2011-10-17 21:14 - 00227840 ____A C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-15 04:44 - 2013-05-28 07:53 - 00000000 ___AD C:\Users\Owner\Desktop\Gamecube games
2013-06-14 10:55 - 2013-03-29 03:49 - 00000000 ____D C:\Windows\Minidump
2013-06-14 04:54 - 2013-06-09 00:07 - 00000000 ____D C:\ProgramData\TVersity
2013-06-14 04:54 - 2013-06-09 00:07 - 00000000 ____D C:\ProgramData\Application Data\TVersity
2013-06-14 04:51 - 2013-06-09 00:08 - 00000000 ____A C:\Windows\SysWOW64\chrome.log
2013-06-13 16:56 - 2013-06-13 16:56 - 00000000 ___AD C:\Users\Owner\AppData\Roaming\PowerUp Software
2013-06-13 16:54 - 2013-06-13 16:54 - 00000000 ____D C:\ProgramData\PowerUp Software
2013-06-13 16:54 - 2013-06-13 16:54 - 00000000 ____D C:\ProgramData\Application Data\PowerUp Software
2013-06-13 16:53 - 2013-06-13 16:53 - 00002106 ____A C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
2013-06-13 16:46 - 2013-06-13 16:46 - 00000000 ___AD C:\Users\Owner\AppData\Local\BigHugeEngine
2013-06-13 16:37 - 2013-06-13 16:37 - 00002221 ____A C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
2013-06-13 16:31 - 2013-06-13 16:31 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-06-12 19:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 08:38 - 2010-12-29 15:34 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-10 16:44 - 2013-06-10 16:44 - 00070671 ____A C:\Users\Owner\Documents\Filing Instructions non-incarcerated applicants.txt
2013-06-08 23:51 - 2013-06-08 04:52 - 00000000 ___AD C:\Users\Owner\AppData\Local\Nero
2013-06-08 23:51 - 2013-06-08 04:50 - 00000000 ____D C:\ProgramData\Nero
2013-06-08 23:51 - 2013-06-08 04:50 - 00000000 ____D C:\ProgramData\Application Data\Nero
2013-06-08 21:46 - 2009-07-14 01:08 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-08 10:08 - 2013-06-12 20:34 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 10:07 - 2013-06-12 20:34 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 10:06 - 2013-06-12 20:34 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 10:06 - 2013-06-12 20:34 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 10:06 - 2013-06-12 20:34 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 08:28 - 2013-06-12 20:34 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 07:42 - 2013-06-12 20:34 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 07:40 - 2013-06-12 20:34 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 07:40 - 2013-06-12 20:34 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 07:40 - 2013-06-12 20:34 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 07:40 - 2013-06-12 20:34 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 07:13 - 2013-06-12 20:34 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-03 09:15 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-06-01 00:15 - 2013-03-09 23:42 - 00000042 ____A C:\Windows\SysWOW64\APCT.lie
2013-06-01 00:13 - 2013-06-01 00:13 - 00001129 ____A C:\Users\Owner\Desktop\Advanced PC Tweaker.lnk
2013-06-01 00:13 - 2013-06-01 00:13 - 00001084 ____A C:\Users\Owner\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 07:24
==================== End Of Log ============================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-06-2013 03
Ran by Owner at 2013-07-01 01:00:47 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.

==== End of Fixlog ====

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello dmountz1983

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next

Please download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Finally in this post

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
So when you return please post
  • JRT.txt
  • checkup.txt
  • OTL.txt
  • Extras.txt


#7
dmountz1983

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Mon 07/01/2013 at 3:28:13.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\savings explorer"
Successfully deleted: [Folder] "C:\Program Files (x86)\advanced pc tweaker"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/01/2013 at 3:31:41.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL Extras logfile created on: 7/1/2013 3:35:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.04% Memory free
4.01 Gb Paging File | 2.43 Gb Available in Paging File | 60.62% Paging File free
Paging file location(s): c:\pagefile.sys 16 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.39 Gb Total Space | 719.82 Gb Free Space | 77.28% Space Free | Partition Type: NTFS
Drive D: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 120.00 Mb Total Space | 51.52 Mb Free Space | 42.94% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC56456 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B87153-C794-4AC9-8BB4-ED319925419C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0AD314AD-D058-40DD-AAB7-DEAF6A8F6E26}" = lport=445 | protocol=6 | dir=in | app=system |
"{107B811E-B553-4FCA-9536-B478010CDCA7}" = rport=138 | protocol=17 | dir=out | app=system |
"{1203F332-9D35-4D35-BEA8-1C205AD109BF}" = lport=139 | protocol=6 | dir=in | app=system |
"{1DCB3DC0-1B00-4291-A690-4C3A2CA3997A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{204A6AA5-9247-4962-B215-AE31E13E695F}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\wdexpress.exe |
"{2A111800-0A03-4184-8870-5E18C501CCDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B3179C0-4536-4731-8B87-D74B010D26DD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{2E6786AE-7EE9-4286-AFC6-C70D6A6F72FB}" = lport=445 | protocol=6 | dir=in | app=system |
"{31ECD338-8981-4799-9E6C-4CAB14C2B27E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{32025CB0-B001-47BA-8294-50B3FF51438D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{3AEC513F-B412-40F0-B657-FC725167FBD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3C7F9057-8A52-4CB6-8724-545BCE41DD8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F923EF3-9E93-40D4-88D4-49751FFB82E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{402EFE33-01D9-47BB-B494-D60A0DAC33D1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{41C01D32-A382-4474-ACA9-05E9AC762C7E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{45E40DFE-8F8F-4DAD-8C05-5E609E15992A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BA8D8FE-6809-4D27-AC0B-1BC5E50FCB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F3D4D0B-3F66-49C6-832F-B1397A4E1A4B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51F66EA3-9EE3-4325-BA7E-82C8FE757DFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{628A28D9-FF78-4DA0-8AED-05E7AADE33B0}" = rport=138 | protocol=17 | dir=out | app=system |
"{701D0519-FD96-4C48-B3D0-996A00C7D481}" = lport=137 | protocol=17 | dir=in | app=system |
"{70A226F6-556D-4D3C-92B7-01641ED2A0E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{740197B5-9B91-43DC-9448-5F2FAA99E4ED}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{749E4E68-5A9D-4310-B9DB-2C57114EA704}" = rport=139 | protocol=6 | dir=out | app=system |
"{7AB8A74F-8F07-419F-ACFC-4498ED2E68B8}" = lport=138 | protocol=17 | dir=in | app=system |
"{8193A909-AA2C-4855-AB2B-590095767258}" = lport=139 | protocol=6 | dir=in | app=system |
"{8223C831-5228-4D95-BB94-DFA42D00F7F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83A0C60B-3D22-45AA-8145-E9B408A5A2C4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{83A6ED10-C045-4FD1-A91B-0DCB935697FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{852E93A0-BB3F-4394-88E9-8907D4585699}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8C1C3703-E06E-47A6-9E46-5E64680CA835}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8C6DD438-7D20-471A-B7F7-F772EBC1BF19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D495CD9-8999-47E1-9FD4-E3827DC44934}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EE53228-67B7-4914-B14B-3A8E2EDDE914}" = rport=10243 | protocol=6 | dir=out | app=system |
"{91B46EBF-2E80-47F7-8B62-70DE1D608599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{998CBCEA-9DC6-45E7-86C9-9F656177C84D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99982C45-23E8-4D48-B59B-65083A051144}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9B28F8E1-8113-4948-BA8E-5297D3E10C17}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A2279AB5-A130-4785-A453-CE19BE01E289}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A235FE69-973C-44C7-92A1-BCAC611FDFA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A85C8925-6F5D-4A82-9422-45EF52EC4172}" = rport=445 | protocol=6 | dir=out | app=system |
"{B8A744A2-B4A6-46E1-84DE-5301D35FFB30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C331311B-2823-45E6-8185-B230BF69F466}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C8A59E0E-8E2D-40C3-9065-A5B852D51944}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C8AE1E93-7B57-4E77-98FF-F15AD14C9890}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9505CBE-D0EF-4F81-B745-20C1FFF2248F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB5F3839-961F-4D85-AA61-D75471950557}" = rport=139 | protocol=6 | dir=out | app=system |
"{D2421F7C-B130-4C8B-B719-1A186BCBE5FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D96ED771-50DC-43B2-B52F-9A8613DA3423}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DE96D4EC-85A9-4E97-ABFB-204FC3F86520}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DFB5ACBE-9055-47C4-B2DD-20EC699D20EB}" = rport=137 | protocol=17 | dir=out | app=system |
"{E1D85F95-A94D-4241-9D4E-529F491D7599}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7D9CD4E-5B6C-4799-BAA5-19D8824CA721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E97CA275-A4C6-452B-BD33-7369568185FD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EE7BD672-6AAF-40B5-BE28-2330DC863ED3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F999BC84-123D-41E5-9EAF-2B8213411581}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE9FB76D-7590-4438-A06F-C3EB101F19FB}" = rport=445 | protocol=6 | dir=out | app=system |
"{FF6B46CE-A536-4896-88E8-03F6CA0B3C9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DBE3C6-3ED9-40EE-B0D7-B8B32262A8C4}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{06F360CA-D31A-41A0-99FE-3A5DD5BCC582}" = protocol=6 | dir=in | app=c:\users\owner\downloads\smitfraudfix\smiupdate.exe |
"{0F712805-A79E-4C5E-9158-D6EF4AB373EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24310495-F783-411F-A084-73198978FBE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{279099E3-6295-4DA4-ACF4-F5A6EEE339B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2E160A95-F079-425B-9DC7-83029979D308}" = protocol=6 | dir=in | app=c:\program files (x86)\advanced pc tweaker\oneclick.exe |
"{2F7277E9-3E1F-408D-9C49-D655F311DF44}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe |
"{37E3F20F-DE20-4516-B208-CC46191BDD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{434E3B52-449E-482E-B4A5-4D502EB09467}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{49AD4FE5-E495-4266-B3EF-40FFB6736291}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4DA3135C-FE3A-4327-9163-37CEA0209ED3}" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"{504F4A6F-8606-420D-97A4-993F0BE36D10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5260BFDC-33FF-4DD1-A3CA-6DD1226708CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5523A374-6519-4A0C-8971-ABA32CDA1E42}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{603A41F2-7444-412E-BD02-91F86C9E4018}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6139F920-28CF-42C2-88F3-A92660C1E375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61723A7B-C871-4B7A-B206-8020C32E66F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61FCDC80-9073-47BA-BB19-C7DC42E0FB04}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{63722777-5A39-4A7A-9DC0-700C7D803868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6B55D076-06D4-46BB-B5BF-736C570516C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72065031-1BF3-4F91-B949-0DE7443A32EA}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{75F7ED18-0511-4362-A6A1-FD4D619DE3ED}" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"{7B0CA09B-E132-4AA1-8B28-59AA97CB5C57}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
"{801DBE9D-8D98-4844-B72B-3BDA734AF2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80E50223-E2FD-4193-8A91-4030BE3CFF72}" = protocol=17 | dir=in | app=c:\program files (x86)\advanced pc tweaker\advancedpctweaker.exe |
"{818A1713-A2D1-4238-8DC4-131DF01E6C63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{82EA642A-0462-4F41-9E57-AE801D0BBD19}" = protocol=17 | dir=in | app=c:\users\owner\downloads\smitfraudfix\smiupdate.exe |
"{85DE742B-FDA0-4264-A61C-EA4C4D8ADA84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{867F4559-0F94-4C5F-805D-18B5C77CD238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89EAB2DD-ABB2-46C7-BCEC-67FF20149FE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9392980B-C614-45EF-AAD3-3DB472021E07}" = protocol=6 | dir=in | app=c:\users\owner\documents\diablo 2\diablo ii\diablo ii.exe |
"{9B15F693-7BE6-4C83-ACC0-C481A95321E0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9CD09840-B549-4F75-9EEB-6BE3B543DAE8}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
"{A1DBE38C-BA81-438D-97B9-BA4245B9867E}" = protocol=17 | dir=in | app=c:\users\owner\documents\diablo 2\diablo ii\diablo ii.exe |
"{A67C4593-CCC6-417C-9943-1BFAE1A29364}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{AB583B83-C29D-41E5-93EC-830BD27999A7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABF01636-2F0B-4E94-A56E-7BA576A8633C}" = protocol=6 | dir=out | app=system |
"{AD29B28E-7AA3-4C13-8BCB-E7373F378ED2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{ADDC4BB5-5AFE-441F-ADDF-A4CCB8F05FEC}" = protocol=6 | dir=in | app=c:\program files\ccleaner\ccleaner64.exe |
"{ADEBBF67-70D5-4FA4-AAF2-716978692770}" = protocol=17 | dir=in | app=c:\program files\ccleaner\ccleaner64.exe |
"{AF4AE69A-970E-423A-BC81-27A1EA6D36DD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B171741B-0C9D-4F5A-A157-49325BF6A3EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B27FF543-EAF1-45B6-8986-A51A18550C6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B898C53B-71DE-4492-A9BD-BC2CE15796A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8B4E785-9232-4B9A-8B01-74C63AC2AA26}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{BAC9C811-B7F0-456B-B9DD-2893C6828BC0}" = protocol=6 | dir=in | app=c:\program files (x86)\advanced pc tweaker\advancedpctweaker.exe |
"{BC3D0CF9-BAEC-40F8-88F6-1C3392987561}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA4FBA7B-F959-46B2-ACC2-2C6D06146C56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D606BCF0-90F3-4E56-8869-4C6C0687392D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E5E27D54-306C-4BC6-AE3A-22CF3AC3C41D}" = protocol=6 | dir=out | app=system |
"{E703C354-A290-406E-A6D8-E66CA9F002F7}" = protocol=17 | dir=in | app=c:\program files (x86)\advanced pc tweaker\oneclick.exe |
"{E9F5179B-7B92-42CC-8D45-C0CA6BD9FDA1}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe |
"{EEA677F1-C048-45A7-BEA7-FEA8AC885BCC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F10F74AA-0DF1-4194-B732-0B7ACB5FB7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F870DF9B-DED2-4B7F-8AD8-5AEF481C2510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F936AA1A-019D-4E9D-B31F-4BB48EE6C739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FBE29517-1759-40D9-8E9E-E440272B71F4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{2C0709D6-D8AE-4B1B-B1EB-7A4DDB7409D5}C:\program files (x86)\r.g. mechanics\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\r.g. mechanics\need for speed most wanted\nfs13.exe |
"TCP Query User{34BE1A10-AEC5-4AC3-A6E3-4F25F67DCE51}C:\program files (x86)\ea sports\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 13\game\fifa13.exe |
"TCP Query User{45FFC83E-BEA6-4D9C-B25D-8FF8C4C3DBF4}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{6D0D83BF-46DD-4AD9-ADAF-FEFDCBDD8796}C:\program files\hexchat\hexchat.exe" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"TCP Query User{7D2D1271-3F24-498F-99EC-844C0511B285}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{7D8B79A9-ED8C-46D1-A44F-C763DBF53BCA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{8F12B0E0-AA4E-44E9-9D55-83B36BB36F4F}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" = protocol=6 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe |
"TCP Query User{E4714ADC-D31E-483B-BED7-EE134571BD0A}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{04870D66-C8F2-469A-BBEE-DB139BBAEF25}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{23F6D118-4F2F-4EBF-9635-1FD1D307CCFF}C:\program files (x86)\r.g. mechanics\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\r.g. mechanics\need for speed most wanted\nfs13.exe |
"UDP Query User{2E381172-B816-4D1B-8F46-CB0A09898552}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{34894339-9F0E-4D9E-A499-35A742B86168}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{35CE3A0D-04E0-4137-BD84-AA59DAD8ACD3}C:\program files\hexchat\hexchat.exe" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" = protocol=17 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe |
"UDP Query User{74A524AD-CBDC-416A-A7D0-526D1956B5C3}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{940C9419-E75F-45E4-A435-33763B4DE313}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{DBF13FBD-CBFC-4899-AE8C-FA141AE89B37}C:\program files (x86)\ea sports\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 13\game\fifa13.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{E1D00057-82F0-4EA1-91C2-270682EB9C98}" = SlimDrivers
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced PC Tweaker_is1" = Advanced PC Tweaker v4.2
"avast" = avast! Pro Antivirus
"Avast_2050_ZeNiX [2012-06-29]_is1" = Avast License by ZeNiX [2012-06-29]
"Google Chrome" = Google Chrome
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"uTorrent" = µTorrent

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mezzmo" = Mezzmo

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 7/1/2013 3:38:10 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 7/1/2013 3:38:10 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/1/2013 3:38:10 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 7/1/2013 3:38:10 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/1/2013 3:40:17 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 7/1/2013 3:40:17 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/1/2013 3:40:17 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 7/1/2013 3:40:17 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/1/2013 3:40:17 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 7/1/2013 3:40:17 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >



OTL Extras logfile created on: 7/1/2013 3:35:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.04% Memory free
4.01 Gb Paging File | 2.43 Gb Available in Paging File | 60.62% Paging File free
Paging file location(s): c:\pagefile.sys 16 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.39 Gb Total Space | 719.82 Gb Free Space | 77.28% Space Free | Partition Type: NTFS
Drive D: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 120.00 Mb Total Space | 51.52 Mb Free Space | 42.94% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC56456 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B87153-C794-4AC9-8BB4-ED319925419C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0AD314AD-D058-40DD-AAB7-DEAF6A8F6E26}" = lport=445 | protocol=6 | dir=in | app=system |
"{107B811E-B553-4FCA-9536-B478010CDCA7}" = rport=138 | protocol=17 | dir=out | app=system |
"{1203F332-9D35-4D35-BEA8-1C205AD109BF}" = lport=139 | protocol=6 | dir=in | app=system |
"{1DCB3DC0-1B00-4291-A690-4C3A2CA3997A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{204A6AA5-9247-4962-B215-AE31E13E695F}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\wdexpress.exe |
"{2A111800-0A03-4184-8870-5E18C501CCDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B3179C0-4536-4731-8B87-D74B010D26DD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{2E6786AE-7EE9-4286-AFC6-C70D6A6F72FB}" = lport=445 | protocol=6 | dir=in | app=system |
"{31ECD338-8981-4799-9E6C-4CAB14C2B27E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{32025CB0-B001-47BA-8294-50B3FF51438D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{3AEC513F-B412-40F0-B657-FC725167FBD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3C7F9057-8A52-4CB6-8724-545BCE41DD8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F923EF3-9E93-40D4-88D4-49751FFB82E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{402EFE33-01D9-47BB-B494-D60A0DAC33D1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{41C01D32-A382-4474-ACA9-05E9AC762C7E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{45E40DFE-8F8F-4DAD-8C05-5E609E15992A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BA8D8FE-6809-4D27-AC0B-1BC5E50FCB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F3D4D0B-3F66-49C6-832F-B1397A4E1A4B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51F66EA3-9EE3-4325-BA7E-82C8FE757DFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{628A28D9-FF78-4DA0-8AED-05E7AADE33B0}" = rport=138 | protocol=17 | dir=out | app=system |
"{701D0519-FD96-4C48-B3D0-996A00C7D481}" = lport=137 | protocol=17 | dir=in | app=system |
"{70A226F6-556D-4D3C-92B7-01641ED2A0E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{740197B5-9B91-43DC-9448-5F2FAA99E4ED}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{749E4E68-5A9D-4310-B9DB-2C57114EA704}" = rport=139 | protocol=6 | dir=out | app=system |
"{7AB8A74F-8F07-419F-ACFC-4498ED2E68B8}" = lport=138 | protocol=17 | dir=in | app=system |
"{8193A909-AA2C-4855-AB2B-590095767258}" = lport=139 | protocol=6 | dir=in | app=system |
"{8223C831-5228-4D95-BB94-DFA42D00F7F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83A0C60B-3D22-45AA-8145-E9B408A5A2C4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{83A6ED10-C045-4FD1-A91B-0DCB935697FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{852E93A0-BB3F-4394-88E9-8907D4585699}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8C1C3703-E06E-47A6-9E46-5E64680CA835}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8C6DD438-7D20-471A-B7F7-F772EBC1BF19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D495CD9-8999-47E1-9FD4-E3827DC44934}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EE53228-67B7-4914-B14B-3A8E2EDDE914}" = rport=10243 | protocol=6 | dir=out | app=system |
"{91B46EBF-2E80-47F7-8B62-70DE1D608599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{998CBCEA-9DC6-45E7-86C9-9F656177C84D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99982C45-23E8-4D48-B59B-65083A051144}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9B28F8E1-8113-4948-BA8E-5297D3E10C17}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A2279AB5-A130-4785-A453-CE19BE01E289}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A235FE69-973C-44C7-92A1-BCAC611FDFA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A85C8925-6F5D-4A82-9422-45EF52EC4172}" = rport=445 | protocol=6 | dir=out | app=system |
"{B8A744A2-B4A6-46E1-84DE-5301D35FFB30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C331311B-2823-45E6-8185-B230BF69F466}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C8A59E0E-8E2D-40C3-9065-A5B852D51944}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C8AE1E93-7B57-4E77-98FF-F15AD14C9890}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9505CBE-D0EF-4F81-B745-20C1FFF2248F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB5F3839-961F-4D85-AA61-D75471950557}" = rport=139 | protocol=6 | dir=out | app=system |
"{D2421F7C-B130-4C8B-B719-1A186BCBE5FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D96ED771-50DC-43B2-B52F-9A8613DA3423}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DE96D4EC-85A9-4E97-ABFB-204FC3F86520}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DFB5ACBE-9055-47C4-B2DD-20EC699D20EB}" = rport=137 | protocol=17 | dir=out | app=system |
"{E1D85F95-A94D-4241-9D4E-529F491D7599}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7D9CD4E-5B6C-4799-BAA5-19D8824CA721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E97CA275-A4C6-452B-BD33-7369568185FD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EE7BD672-6AAF-40B5-BE28-2330DC863ED3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F999BC84-123D-41E5-9EAF-2B8213411581}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE9FB76D-7590-4438-A06F-C3EB101F19FB}" = rport=445 | protocol=6 | dir=out | app=system |
"{FF6B46CE-A536-4896-88E8-03F6CA0B3C9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DBE3C6-3ED9-40EE-B0D7-B8B32262A8C4}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{06F360CA-D31A-41A0-99FE-3A5DD5BCC582}" = protocol=6 | dir=in | app=c:\users\owner\downloads\smitfraudfix\smiupdate.exe |
"{0F712805-A79E-4C5E-9158-D6EF4AB373EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24310495-F783-411F-A084-73198978FBE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{279099E3-6295-4DA4-ACF4-F5A6EEE339B8}" = protocol=1 | dir=in | [email protected],-28543 |
"{2E160A95-F079-425B-9DC7-83029979D308}" = protocol=6 | dir=in | app=c:\program files (x86)\advanced pc tweaker\oneclick.exe |
"{2F7277E9-3E1F-408D-9C49-D655F311DF44}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe |
"{37E3F20F-DE20-4516-B208-CC46191BDD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{434E3B52-449E-482E-B4A5-4D502EB09467}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{49AD4FE5-E495-4266-B3EF-40FFB6736291}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4DA3135C-FE3A-4327-9163-37CEA0209ED3}" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"{504F4A6F-8606-420D-97A4-993F0BE36D10}" = protocol=1 | dir=out | [email protected],-28544 |
"{5260BFDC-33FF-4DD1-A3CA-6DD1226708CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5523A374-6519-4A0C-8971-ABA32CDA1E42}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{603A41F2-7444-412E-BD02-91F86C9E4018}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6139F920-28CF-42C2-88F3-A92660C1E375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61723A7B-C871-4B7A-B206-8020C32E66F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61FCDC80-9073-47BA-BB19-C7DC42E0FB04}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{63722777-5A39-4A7A-9DC0-700C7D803868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6B55D076-06D4-46BB-B5BF-736C570516C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72065031-1BF3-4F91-B949-0DE7443A32EA}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{75F7ED18-0511-4362-A6A1-FD4D619DE3ED}" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"{7B0CA09B-E132-4AA1-8B28-59AA97CB5C57}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
"{801DBE9D-8D98-4844-B72B-3BDA734AF2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80E50223-E2FD-4193-8A91-4030BE3CFF72}" = protocol=17 | dir=in | app=c:\program files (x86)\advanced pc tweaker\advancedpctweaker.exe |
"{818A1713-A2D1-4238-8DC4-131DF01E6C63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{82EA642A-0462-4F41-9E57-AE801D0BBD19}" = protocol=17 | dir=in | app=c:\users\owner\downloads\smitfraudfix\smiupdate.exe |
"{85DE742B-FDA0-4264-A61C-EA4C4D8ADA84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{867F4559-0F94-4C5F-805D-18B5C77CD238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89EAB2DD-ABB2-46C7-BCEC-67FF20149FE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9392980B-C614-45EF-AAD3-3DB472021E07}" = protocol=6 | dir=in | app=c:\users\owner\documents\diablo 2\diablo ii\diablo ii.exe |
"{9B15F693-7BE6-4C83-ACC0-C481A95321E0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9CD09840-B549-4F75-9EEB-6BE3B543DAE8}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
"{A1DBE38C-BA81-438D-97B9-BA4245B9867E}" = protocol=17 | dir=in | app=c:\users\owner\documents\diablo 2\diablo ii\diablo ii.exe |
"{A67C4593-CCC6-417C-9943-1BFAE1A29364}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{AB583B83-C29D-41E5-93EC-830BD27999A7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABF01636-2F0B-4E94-A56E-7BA576A8633C}" = protocol=6 | dir=out | app=system |
"{AD29B28E-7AA3-4C13-8BCB-E7373F378ED2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{ADDC4BB5-5AFE-441F-ADDF-A4CCB8F05FEC}" = protocol=6 | dir=in | app=c:\program files\ccleaner\ccleaner64.exe |
"{ADEBBF67-70D5-4FA4-AAF2-716978692770}" = protocol=17 | dir=in | app=c:\program files\ccleaner\ccleaner64.exe |
"{AF4AE69A-970E-423A-BC81-27A1EA6D36DD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B171741B-0C9D-4F5A-A157-49325BF6A3EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B27FF543-EAF1-45B6-8986-A51A18550C6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B898C53B-71DE-4492-A9BD-BC2CE15796A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8B4E785-9232-4B9A-8B01-74C63AC2AA26}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{BAC9C811-B7F0-456B-B9DD-2893C6828BC0}" = protocol=6 | dir=in | app=c:\program files (x86)\advanced pc tweaker\advancedpctweaker.exe |
"{BC3D0CF9-BAEC-40F8-88F6-1C3392987561}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA4FBA7B-F959-46B2-ACC2-2C6D06146C56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D606BCF0-90F3-4E56-8869-4C6C0687392D}" = protocol=58 | dir=in | [email protected],-28545 |
"{E5E27D54-306C-4BC6-AE3A-22CF3AC3C41D}" = protocol=6 | dir=out | app=system |
"{E703C354-A290-406E-A6D8-E66CA9F002F7}" = protocol=17 | dir=in | app=c:\program files (x86)\advanced pc tweaker\oneclick.exe |
"{E9F5179B-7B92-42CC-8D45-C0CA6BD9FDA1}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe |
"{EEA677F1-C048-45A7-BEA7-FEA8AC885BCC}" = protocol=58 | dir=out | [email protected],-28546 |
"{F10F74AA-0DF1-4194-B732-0B7ACB5FB7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F870DF9B-DED2-4B7F-8AD8-5AEF481C2510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F936AA1A-019D-4E9D-B31F-4BB48EE6C739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FBE29517-1759-40D9-8E9E-E440272B71F4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{2C0709D6-D8AE-4B1B-B1EB-7A4DDB7409D5}C:\program files (x86)\r.g. mechanics\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\r.g. mechanics\need for speed most wanted\nfs13.exe |
"TCP Query User{34BE1A10-AEC5-4AC3-A6E3-4F25F67DCE51}C:\program files (x86)\ea sports\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 13\game\fifa13.exe |
"TCP Query User{45FFC83E-BEA6-4D9C-B25D-8FF8C4C3DBF4}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{6D0D83BF-46DD-4AD9-ADAF-FEFDCBDD8796}C:\program files\hexchat\hexchat.exe" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"TCP Query User{7D2D1271-3F24-498F-99EC-844C0511B285}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{7D8B79A9-ED8C-46D1-A44F-C763DBF53BCA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{8F12B0E0-AA4E-44E9-9D55-83B36BB36F4F}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" = protocol=6 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe |
"TCP Query User{E4714ADC-D31E-483B-BED7-EE134571BD0A}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{04870D66-C8F2-469A-BBEE-DB139BBAEF25}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{23F6D118-4F2F-4EBF-9635-1FD1D307CCFF}C:\program files (x86)\r.g. mechanics\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\r.g. mechanics\need for speed most wanted\nfs13.exe |
"UDP Query User{2E381172-B816-4D1B-8F46-CB0A09898552}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{34894339-9F0E-4D9E-A499-35A742B86168}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{35CE3A0D-04E0-4137-BD84-AA59DAD8ACD3}C:\program files\hexchat\hexchat.exe" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" = protocol=17 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe |
"UDP Query User{74A524AD-CBDC-416A-A7D0-526D1956B5C3}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{940C9419-E75F-45E4-A435-33763B4DE313}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{DBF13FBD-CBFC-4899-AE8C-FA141AE89B37}C:\program files (x86)\ea sports\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 13\game\fifa13.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{E1D00057-82F0-4EA1-91C2-270682EB9C98}" = SlimDrivers
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced PC Tweaker_is1" = Advanced PC Tweaker v4.2
"avast" = avast! Pro Antivirus
"Avast_2050_ZeNiX [2012-06-29]_is1" = Avast License by ZeNiX [2012-06-29]
"Google Chrome" = Google Chrome
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"uTorrent" = µTorrent

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mezzmo" = Mezzmo

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 7/1/2013 3:38:10 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 7/1/2013 3:38:10 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/1/2013 3:38:10 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 7/1/2013 3:38:10 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/1/2013 3:40:17 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 7/1/2013 3:40:17 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/1/2013 3:40:17 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 7/1/2013 3:40:17 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/1/2013 3:40:17 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 7/1/2013 3:40:17 AM | Computer Name = Owner-PC56456 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >






Checkup.txt came back as an unsupported OS. Thank you for your help thus far.

#8
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Looks like you posted the Extras file twice.

Any chance of the OTL.txt one?

Also

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click "Continue".
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


#9
dmountz1983


    New Member

  • Topic Starter
  • Member
  • 8 posts
OTL logfile created on: 7/1/2013 3:35:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.04% Memory free
4.01 Gb Paging File | 2.43 Gb Available in Paging File | 60.62% Paging File free
Paging file location(s): c:\pagefile.sys 16 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.39 Gb Total Space | 719.82 Gb Free Space | 77.28% Space Free | Partition Type: NTFS
Drive D: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 120.00 Mb Total Space | 51.52 Mb Free Space | 42.94% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC56456 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\version.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\PeanutButterCup.MB\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (pxrts) -- C:\Windows\SysNative\drivers\pxrts.sys (Prevx)
DRV:64bit: - (ElRawDisk) -- C:\Windows\SysNative\drivers\ElRawDsk.sys (EldoS Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (ssmirrdr) -- C:\Windows\SysNative\drivers\ssmirrdr.sys (support.com, Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 DC 5E A6 A6 C0 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 76 3C 43 0D 61 6C D6 45 99 7D 04 DC 80 1D AE DC [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.GamingWonderland.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUpx64: File not found



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Disabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Raindrops = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil\1.0.0.2_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/30 06:38:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32B93DD8-D672-4D17-9E2F-4068DA6239E6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{406374BE-75AA-4690-AC4B-45E02E89C57B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AAC767A-3423-40B1-AEA8-3A4D8CBBDEF0}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc - No CLSID value found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/01 03:34:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/07/01 03:29:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/01 03:28:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/01 03:27:58 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/01 03:27:11 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe
[2013/06/30 23:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/06/30 23:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/06/30 22:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/06/30 21:46:00 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/30 21:45:18 | 001,933,758 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/06/30 20:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/06/30 19:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/06/30 19:16:38 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2013/06/30 19:09:47 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.exe
[2013/06/30 18:36:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/30 18:26:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/30 18:26:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/30 18:26:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/30 18:26:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/06/30 18:25:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/30 18:23:52 | 005,084,517 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/06/30 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Online Backup
[2013/06/30 08:41:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\mbam-chameleon-1.62.1.1000
[2013/06/30 06:00:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
[2013/06/30 06:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2013/06/30 06:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2013/06/30 06:00:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/06/30 05:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiPanties
[2013/06/28 03:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PeanutButterCup.MB
[2013/06/28 03:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/28 03:47:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/06/28 03:34:30 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysNative\VCCLSID.exe
[2013/06/28 03:34:30 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysNative\SrchSTS.exe
[2013/06/28 03:34:30 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysNative\swreg.exe
[2013/06/28 03:34:30 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\VACFix.exe
[2013/06/28 03:34:30 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\IEDFix.exe
[2013/06/28 03:34:30 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\IEDFix.C.exe
[2013/06/28 03:34:30 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\404Fix.exe
[2013/06/28 03:34:30 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\o4Patch.exe
[2013/06/28 03:34:30 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysNative\swxcacls.exe
[2013/06/28 03:34:30 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\Agent.OMZ.Fix.exe
[2013/06/28 03:34:29 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysNative\Process.exe
[2013/06/27 11:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/06/24 23:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/06/24 23:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/06/24 23:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/06/24 22:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/06/24 20:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/06/24 20:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2013/06/24 20:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeapFrog
[2013/06/24 06:44:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TrojanHunter
[2013/06/24 06:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.5
[2013/06/23 17:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/06/23 05:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/06/23 05:27:15 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/06/23 04:37:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/06/23 04:29:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Oracle
[2013/06/23 03:22:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/06/23 03:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/06/23 02:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/23 01:13:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\ProcAlyzer Dumps
[2013/06/21 20:36:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/06/21 20:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/06/21 20:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/06/21 20:32:40 | 000,000,000 | R--D | C] -- C:\Users\Owner\SkyDrive
[2013/06/21 20:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/06/21 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Live
[2013/06/21 20:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/06/21 12:34:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New folder
[2013/06/21 12:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/06/21 06:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/06/21 04:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2013/06/21 04:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DV TS
[2013/06/21 04:26:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Aiptek-Driver_V50
[2013/06/21 01:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/06/20 20:16:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CRE
[2013/06/20 18:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFConfig
[2013/06/19 21:12:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\NetworkConfiguration
[2013/06/19 18:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/19 15:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013/06/19 15:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013/06/19 02:46:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Conceiva
[2013/06/19 00:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaFire Express
[2013/06/18 16:57:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Converted Vids
[2013/06/17 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\DutchDuckIndexDat
[2013/06/17 18:11:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Index.Dat Viewer 3
[2013/06/15 09:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
[2013/06/14 05:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mezzmo
[2013/06/14 03:36:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Mezzmo.2.7.1.0 Cracked
[2013/06/13 16:56:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PowerUp Software
[2013/06/13 16:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PowerUp Software
[2013/06/13 16:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Game Profiler
[2013/06/13 16:53:05 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dx7vb.dll
[2013/06/13 16:53:05 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswinsck.ocx
[2013/06/13 16:53:05 | 000,094,208 | R-S- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll
[2013/06/13 16:53:05 | 000,091,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsofile.dll
[2013/06/13 16:53:05 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DB.DLL
[2013/06/13 16:53:04 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.OCX
[2013/06/13 16:53:04 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comct232.ocx
[2013/06/13 16:53:04 | 000,045,056 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\NTSVC.ocx
[2013/06/13 16:53:04 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[2013/06/13 16:53:03 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advp9109.rra
[2013/06/13 16:53:03 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vers9203.rra
[2013/06/13 16:53:03 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsoc928f.rra
[2013/06/13 16:53:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shfo9176.rra
[2013/06/13 16:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerUp Software
[2013/06/13 16:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/06/13 16:46:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\BigHugeEngine
[2013/06/13 16:39:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SKIDROW
[2013/06/13 16:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013/06/13 16:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2013/06/12 20:34:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/12 20:34:11 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/12 08:37:12 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/12 08:37:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/12 08:37:12 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/12 08:37:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/12 08:37:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/12 08:37:12 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/12 08:37:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/12 08:37:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/12 08:37:12 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/12 08:37:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/12 08:37:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/12 08:37:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 08:37:09 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/12 08:06:08 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 08:06:08 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 08:05:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 08:05:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 08:05:53 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/12 08:05:50 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 08:05:49 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 08:05:49 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 08:05:49 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 08:05:49 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 08:05:49 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 08:05:42 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/12 08:05:42 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/10 19:58:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\New folder
[2013/06/10 16:52:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Media Player Classic
[2013/06/09 00:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity
[2013/06/08 04:52:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Nero
[2013/06/08 04:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/01 03:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/07/01 03:33:50 | 000,890,988 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/07/01 03:33:01 | 000,890,988 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck (1).exe
[2013/07/01 03:27:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe
[2013/07/01 03:24:59 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/07/01 03:24:18 | 000,024,777 | ---- | M] () -- C:\Users\Owner\Desktop\download (1).htm
[2013/07/01 03:23:34 | 000,016,374 | ---- | M] () -- C:\Users\Owner\Desktop\download.htm
[2013/07/01 03:17:34 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/01 03:17:34 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/01 03:10:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/01 03:10:09 | 000,435,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/01 01:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/30 21:45:23 | 001,933,758 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/06/30 20:11:33 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce75ef8b016100.job
[2013/06/30 19:16:38 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2013/06/30 19:09:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.exe
[2013/06/30 18:57:08 | 000,648,201 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/06/30 18:23:58 | 005,084,517 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/06/30 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/06/30 17:03:53 | 000,000,855 | ---- | M] () -- C:\Users\Owner\Desktop\Install GMER.lnk
[2013/06/30 13:39:48 | 002,493,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/30 13:39:48 | 000,750,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/30 13:39:48 | 000,007,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/30 08:34:08 | 000,007,520 | ---- | M] () -- C:\Users\Owner\Documents\cc_20130630_083400.reg
[2013/06/30 06:38:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/30 06:10:42 | 000,712,264 | ---- | M] () -- C:\Windows\is-2G064.exe
[2013/06/30 06:10:42 | 000,011,277 | ---- | M] () -- C:\Windows\is-2G064.msg
[2013/06/30 06:10:42 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/30 06:10:42 | 000,000,358 | ---- | M] () -- C:\Windows\is-2G064.lst
[2013/06/30 06:00:46 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/06/30 05:32:56 | 000,002,995 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/06/28 04:36:52 | 000,000,646 | ---- | M] () -- C:\Users\Owner\Documents\HIjackerfiles.reg
[2013/06/28 03:38:22 | 000,000,035 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\SetValue.bat
[2013/06/27 18:46:01 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 18:46:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 18:46:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 18:46:00 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 18:46:00 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 18:46:00 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/27 18:44:51 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2013/06/27 17:48:42 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2013/06/25 06:39:44 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/25 06:39:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/24 06:51:34 | 000,164,694 | ---- | M] () -- C:\Users\Owner\AppData\Local\census.cache
[2013/06/24 06:51:24 | 000,098,539 | ---- | M] () -- C:\Users\Owner\AppData\Local\ars.cache
[2013/06/24 06:43:58 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2013/06/19 12:00:00 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job
[2013/06/19 09:57:50 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI
[2013/06/19 02:42:33 | 000,000,835 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/06/19 02:13:48 | 000,020,676 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2013/06/17 19:53:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/06/15 06:15:51 | 000,227,840 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/13 16:53:15 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
[2013/06/13 16:37:39 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
[2013/06/10 16:47:00 | 000,268,589 | ---- | M] () -- C:\Users\Owner\Documents\ClemencyRequestForm.pdf
[2013/06/08 23:23:52 | 000,002,411 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero MediaHome 4.lnk
[2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/01 03:33:49 | 000,890,988 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/07/01 03:32:52 | 000,890,988 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck (1).exe
[2013/07/01 03:24:17 | 000,024,777 | ---- | C] () -- C:\Users\Owner\Desktop\download (1).htm
[2013/07/01 03:23:29 | 000,016,374 | ---- | C] () -- C:\Users\Owner\Desktop\download.htm
[2013/06/30 20:11:33 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce75ef8b016100.job
[2013/06/30 18:57:05 | 000,648,201 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/06/30 18:26:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/30 18:26:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/30 18:26:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/30 18:26:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/30 18:26:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/30 17:03:53 | 000,000,855 | ---- | C] () -- C:\Users\Owner\Desktop\Install GMER.lnk
[2013/06/30 08:34:07 | 000,007,520 | ---- | C] () -- C:\Users\Owner\Documents\cc_20130630_083400.reg
[2013/06/30 06:10:42 | 000,712,264 | ---- | C] () -- C:\Windows\is-2G064.exe
[2013/06/30 06:10:42 | 000,011,277 | ---- | C] () -- C:\Windows\is-2G064.msg
[2013/06/30 06:10:42 | 000,000,358 | ---- | C] () -- C:\Windows\is-2G064.lst
[2013/06/30 06:00:58 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/06/30 06:00:46 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/06/30 05:32:56 | 000,002,995 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/06/28 04:36:51 | 000,000,646 | ---- | C] () -- C:\Users\Owner\Documents\HIjackerfiles.reg
[2013/06/28 03:47:19 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/28 03:36:34 | 000,000,035 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\SetValue.bat
[2013/06/28 03:34:30 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\WS2Fix.exe
[2013/06/28 03:34:30 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\dumphive.exe
[2013/06/28 03:34:30 | 000,040,960 | ---- | C] () -- C:\Windows\SysNative\swsc.exe
[2013/06/27 18:46:02 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 18:46:02 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/27 18:46:01 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/24 06:51:34 | 000,164,694 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache
[2013/06/24 06:51:24 | 000,098,539 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache
[2013/06/24 06:43:58 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2013/06/23 22:44:31 | 000,727,532 | ---- | C] () -- C:\Users\Owner\Documents\210.JPG
[2013/06/19 02:13:48 | 000,020,676 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2013/06/17 19:53:23 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2013/06/14 04:58:37 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2013/06/13 16:53:15 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
[2013/06/13 16:53:04 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2013/06/13 16:53:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2013/06/13 16:53:03 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2013/06/13 16:37:39 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
[2013/06/10 16:47:00 | 000,268,589 | ---- | C] () -- C:\Users\Owner\Documents\ClemencyRequestForm.pdf
[2013/06/08 22:40:56 | 000,002,411 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero MediaHome 4.lnk
[2013/05/01 04:12:50 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/04/26 02:12:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013/04/26 02:12:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2013/04/26 02:12:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2013/04/22 07:49:12 | 001,187,697 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/22 07:49:12 | 000,001,243 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/14 17:55:50 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2013/04/13 04:57:35 | 000,000,052 | ---- | C] () -- C:\Windows\mafosav.INI
[2013/02/07 17:42:47 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013/02/06 10:41:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/02/05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/02/05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/02/09 05:36:43 | 000,004,096 | ---- | C] () -- C:\Users\Owner\AppData\Local\keyfile3.drm
[2011/11/25 15:21:13 | 000,002,395 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/11/23 12:01:24 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/10/17 21:14:54 | 000,227,840 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 13:12:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/10/11 01:17:35 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2011/10/10 22:17:14 | 000,792,878 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/15 21:08:33 | 000,007,596 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2011/01/04 16:38:18 | 000,086,371 | ---- | C] () -- C:\ProgramData\bdinstall.bin

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/17 19:43:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.purple
[2011/10/20 19:15:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2013/06/17 19:48:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InfinaDyne
[2013/03/03 01:17:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics
[2013/04/06 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nico Mak Computing
[2011/12/23 13:33:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oberon Media
[2013/06/23 04:29:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2013/06/17 19:48:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PowerISO
[2013/06/13 16:56:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PowerUp Software
[2013/04/06 05:47:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\QuickScan
[2013/03/03 05:38:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung
[2013/04/03 18:05:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Solvusoft
[2011/06/27 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\supportdotcom
[2013/06/24 06:44:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TrojanHunter
[2013/06/24 14:29:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2013/06/17 19:48:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:D339C66D
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >


OTL logfile created on: 7/1/2013 3:35:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.04% Memory free
4.01 Gb Paging File | 2.43 Gb Available in Paging File | 60.62% Paging File free
Paging file location(s): c:\pagefile.sys 16 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.39 Gb Total Space | 719.82 Gb Free Space | 77.28% Space Free | Partition Type: NTFS
Drive D: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 120.00 Mb Total Space | 51.52 Mb Free Space | 42.94% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC56456 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\version.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\PeanutButterCup.MB\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (pxrts) -- C:\Windows\SysNative\drivers\pxrts.sys (Prevx)
DRV:64bit: - (ElRawDisk) -- C:\Windows\SysNative\drivers\ElRawDsk.sys (EldoS Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (ssmirrdr) -- C:\Windows\SysNative\drivers\ssmirrdr.sys (support.com, Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 DC 5E A6 A6 C0 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 76 3C 43 0D 61 6C D6 45 99 7D 04 DC 80 1D AE DC [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.GamingWonderland.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUpx64: File not found



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Disabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Raindrops = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil\1.0.0.2_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/30 06:38:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32B93DD8-D672-4D17-9E2F-4068DA6239E6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{406374BE-75AA-4690-AC4B-45E02E89C57B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AAC767A-3423-40B1-AEA8-3A4D8CBBDEF0}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc - No CLSID value found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/01 03:34:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/07/01 03:29:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/01 03:28:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/01 03:27:58 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/01 03:27:11 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe
[2013/06/30 23:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/06/30 23:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/06/30 22:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/06/30 21:46:00 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/30 21:45:18 | 001,933,758 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/06/30 20:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/06/30 19:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/06/30 19:16:38 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2013/06/30 19:09:47 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.exe
[2013/06/30 18:36:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/30 18:26:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/30 18:26:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/30 18:26:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/30 18:26:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/06/30 18:25:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/30 18:23:52 | 005,084,517 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/06/30 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Online Backup
[2013/06/30 08:41:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\mbam-chameleon-1.62.1.1000
[2013/06/30 06:00:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
[2013/06/30 06:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2013/06/30 06:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2013/06/30 06:00:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/06/30 05:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiPanties
[2013/06/28 03:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PeanutButterCup.MB
[2013/06/28 03:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/28 03:47:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/06/28 03:34:30 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysNative\VCCLSID.exe
[2013/06/28 03:34:30 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysNative\SrchSTS.exe
[2013/06/28 03:34:30 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysNative\swreg.exe
[2013/06/28 03:34:30 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\VACFix.exe
[2013/06/28 03:34:30 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\IEDFix.exe
[2013/06/28 03:34:30 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\IEDFix.C.exe
[2013/06/28 03:34:30 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\404Fix.exe
[2013/06/28 03:34:30 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\o4Patch.exe
[2013/06/28 03:34:30 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysNative\swxcacls.exe
[2013/06/28 03:34:30 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\Agent.OMZ.Fix.exe
[2013/06/28 03:34:29 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysNative\Process.exe
[2013/06/27 11:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/06/24 23:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/06/24 23:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/06/24 23:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/06/24 22:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/06/24 20:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/06/24 20:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2013/06/24 20:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeapFrog
[2013/06/24 06:44:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TrojanHunter
[2013/06/24 06:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.5
[2013/06/23 17:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/06/23 05:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/06/23 05:27:15 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/06/23 04:37:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/06/23 04:29:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Oracle
[2013/06/23 03:22:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/06/23 03:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/06/23 02:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/23 01:13:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\ProcAlyzer Dumps
[2013/06/21 20:36:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/06/21 20:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/06/21 20:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/06/21 20:32:40 | 000,000,000 | R--D | C] -- C:\Users\Owner\SkyDrive
[2013/06/21 20:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/06/21 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Live
[2013/06/21 20:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/06/21 12:34:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New folder
[2013/06/21 12:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/06/21 06:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/06/21 04:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2013/06/21 04:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DV TS
[2013/06/21 04:26:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Aiptek-Driver_V50
[2013/06/21 01:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/06/20 20:16:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CRE
[2013/06/20 18:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFConfig
[2013/06/19 21:12:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\NetworkConfiguration
[2013/06/19 18:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/19 15:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013/06/19 15:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013/06/19 02:46:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Conceiva
[2013/06/19 00:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaFire Express
[2013/06/18 16:57:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Converted Vids
[2013/06/17 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\DutchDuckIndexDat
[2013/06/17 18:11:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Index.Dat Viewer 3
[2013/06/15 09:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
[2013/06/14 05:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mezzmo
[2013/06/14 03:36:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Mezzmo.2.7.1.0 Cracked
[2013/06/13 16:56:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PowerUp Software
[2013/06/13 16:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PowerUp Software
[2013/06/13 16:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Game Profiler
[2013/06/13 16:53:05 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dx7vb.dll
[2013/06/13 16:53:05 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswinsck.ocx
[2013/06/13 16:53:05 | 000,094,208 | R-S- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll
[2013/06/13 16:53:05 | 000,091,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsofile.dll
[2013/06/13 16:53:05 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DB.DLL
[2013/06/13 16:53:04 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.OCX
[2013/06/13 16:53:04 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comct232.ocx
[2013/06/13 16:53:04 | 000,045,056 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\NTSVC.ocx
[2013/06/13 16:53:04 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[2013/06/13 16:53:03 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advp9109.rra
[2013/06/13 16:53:03 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vers9203.rra
[2013/06/13 16:53:03 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsoc928f.rra
[2013/06/13 16:53:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shfo9176.rra
[2013/06/13 16:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerUp Software
[2013/06/13 16:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/06/13 16:46:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\BigHugeEngine
[2013/06/13 16:39:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SKIDROW
[2013/06/13 16:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013/06/13 16:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2013/06/12 20:34:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/12 20:34:11 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/12 08:37:12 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/12 08:37:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/12 08:37:12 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/12 08:37:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/12 08:37:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/12 08:37:12 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/12 08:37:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/12 08:37:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/12 08:37:12 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/12 08:37:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/12 08:37:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/12 08:37:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 08:37:09 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/12 08:06:08 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 08:06:08 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 08:05:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 08:05:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 08:05:53 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/12 08:05:50 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 08:05:49 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 08:05:49 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 08:05:49 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 08:05:49 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 08:05:49 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 08:05:42 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/12 08:05:42 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/10 19:58:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\New folder
[2013/06/10 16:52:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Media Player Classic
[2013/06/09 00:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity
[2013/06/08 04:52:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Nero
[2013/06/08 04:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/01 03:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/07/01 03:33:50 | 000,890,988 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/07/01 03:33:01 | 000,890,988 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck (1).exe
[2013/07/01 03:27:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe
[2013/07/01 03:24:59 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/07/01 03:24:18 | 000,024,777 | ---- | M] () -- C:\Users\Owner\Desktop\download (1).htm
[2013/07/01 03:23:34 | 000,016,374 | ---- | M] () -- C:\Users\Owner\Desktop\download.htm
[2013/07/01 03:17:34 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/01 03:17:34 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/01 03:10:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/01 03:10:09 | 000,435,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/01 01:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/30 21:45:23 | 001,933,758 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/06/30 20:11:33 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce75ef8b016100.job
[2013/06/30 19:16:38 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2013/06/30 19:09:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.exe
[2013/06/30 18:57:08 | 000,648,201 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/06/30 18:23:58 | 005,084,517 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/06/30 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/06/30 17:03:53 | 000,000,855 | ---- | M] () -- C:\Users\Owner\Desktop\Install GMER.lnk
[2013/06/30 13:39:48 | 002,493,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/30 13:39:48 | 000,750,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/30 13:39:48 | 000,007,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/30 08:34:08 | 000,007,520 | ---- | M] () -- C:\Users\Owner\Documents\cc_20130630_083400.reg
[2013/06/30 06:38:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/30 06:10:42 | 000,712,264 | ---- | M] () -- C:\Windows\is-2G064.exe
[2013/06/30 06:10:42 | 000,011,277 | ---- | M] () -- C:\Windows\is-2G064.msg
[2013/06/30 06:10:42 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/30 06:10:42 | 000,000,358 | ---- | M] () -- C:\Windows\is-2G064.lst
[2013/06/30 06:00:46 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/06/30 05:32:56 | 000,002,995 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/06/28 04:36:52 | 000,000,646 | ---- | M] () -- C:\Users\Owner\Documents\HIjackerfiles.reg
[2013/06/28 03:38:22 | 000,000,035 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\SetValue.bat
[2013/06/27 18:46:01 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 18:46:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 18:46:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 18:46:00 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 18:46:00 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 18:46:00 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/27 18:44:51 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2013/06/27 17:48:42 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2013/06/25 06:39:44 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/25 06:39:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/24 06:51:34 | 000,164,694 | ---- | M] () -- C:\Users\Owner\AppData\Local\census.cache
[2013/06/24 06:51:24 | 000,098,539 | ---- | M] () -- C:\Users\Owner\AppData\Local\ars.cache
[2013/06/24 06:43:58 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2013/06/19 12:00:00 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job
[2013/06/19 09:57:50 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI
[2013/06/19 02:42:33 | 000,000,835 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/06/19 02:13:48 | 000,020,676 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2013/06/17 19:53:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/06/15 06:15:51 | 000,227,840 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/13 16:53:15 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
[2013/06/13 16:37:39 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
[2013/06/10 16:47:00 | 000,268,589 | ---- | M] () -- C:\Users\Owner\Documents\ClemencyRequestForm.pdf
[2013/06/08 23:23:52 | 000,002,411 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero MediaHome 4.lnk
[2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/01 03:33:49 | 000,890,988 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/07/01 03:32:52 | 000,890,988 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck (1).exe
[2013/07/01 03:24:17 | 000,024,777 | ---- | C] () -- C:\Users\Owner\Desktop\download (1).htm
[2013/07/01 03:23:29 | 000,016,374 | ---- | C] () -- C:\Users\Owner\Desktop\download.htm
[2013/06/30 20:11:33 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce75ef8b016100.job
[2013/06/30 18:57:05 | 000,648,201 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/06/30 18:26:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/30 18:26:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/30 18:26:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/30 18:26:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/30 18:26:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/30 17:03:53 | 000,000,855 | ---- | C] () -- C:\Users\Owner\Desktop\Install GMER.lnk
[2013/06/30 08:34:07 | 000,007,520 | ---- | C] () -- C:\Users\Owner\Documents\cc_20130630_083400.reg
[2013/06/30 06:10:42 | 000,712,264 | ---- | C] () -- C:\Windows\is-2G064.exe
[2013/06/30 06:10:42 | 000,011,277 | ---- | C] () -- C:\Windows\is-2G064.msg
[2013/06/30 06:10:42 | 000,000,358 | ---- | C] () -- C:\Windows\is-2G064.lst
[2013/06/30 06:00:58 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/06/30 06:00:46 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/06/30 05:32:56 | 000,002,995 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/06/28 04:36:51 | 000,000,646 | ---- | C] () -- C:\Users\Owner\Documents\HIjackerfiles.reg
[2013/06/28 03:47:19 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/28 03:36:34 | 000,000,035 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\SetValue.bat
[2013/06/28 03:34:30 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\WS2Fix.exe
[2013/06/28 03:34:30 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\dumphive.exe
[2013/06/28 03:34:30 | 000,040,960 | ---- | C] () -- C:\Windows\SysNative\swsc.exe
[2013/06/27 18:46:02 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 18:46:02 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/27 18:46:01 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/24 06:51:34 | 000,164,694 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache
[2013/06/24 06:51:24 | 000,098,539 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache
[2013/06/24 06:43:58 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2013/06/23 22:44:31 | 000,727,532 | ---- | C] () -- C:\Users\Owner\Documents\210.JPG
[2013/06/19 02:13:48 | 000,020,676 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2013/06/17 19:53:23 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2013/06/14 04:58:37 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2013/06/13 16:53:15 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
[2013/06/13 16:53:04 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2013/06/13 16:53:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2013/06/13 16:53:03 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2013/06/13 16:37:39 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
[2013/06/10 16:47:00 | 000,268,589 | ---- | C] () -- C:\Users\Owner\Documents\ClemencyRequestForm.pdf
[2013/06/08 22:40:56 | 000,002,411 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero MediaHome 4.lnk
[2013/05/01 04:12:50 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/04/26 02:12:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013/04/26 02:12:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2013/04/26 02:12:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2013/04/22 07:49:12 | 001,187,697 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/22 07:49:12 | 000,001,243 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/14 17:55:50 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2013/04/13 04:57:35 | 000,000,052 | ---- | C] () -- C:\Windows\mafosav.INI
[2013/02/07 17:42:47 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013/02/06 10:41:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/02/05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/02/05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/02/09 05:36:43 | 000,004,096 | ---- | C] () -- C:\Users\Owner\AppData\Local\keyfile3.drm
[2011/11/25 15:21:13 | 000,002,395 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/11/23 12:01:24 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/10/17 21:14:54 | 000,227,840 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 13:12:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/10/11 01:17:35 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2011/10/10 22:17:14 | 000,792,878 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/15 21:08:33 | 000,007,596 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2011/01/04 16:38:18 | 000,086,371 | ---- | C] () -- C:\ProgramData\bdinstall.bin

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/17 19:43:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.purple
[2011/10/20 19:15:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2013/06/17 19:48:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InfinaDyne
[2013/03/03 01:17:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics
[2013/04/06 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nico Mak Computing
[2011/12/23 13:33:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oberon Media
[2013/06/23 04:29:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2013/06/17 19:48:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PowerISO
[2013/06/13 16:56:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PowerUp Software
[2013/04/06 05:47:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\QuickScan
[2013/03/03 05:38:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung
[2013/04/03 18:05:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Solvusoft
[2011/06/27 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\supportdotcom
[2013/06/24 06:44:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TrojanHunter
[2013/06/24 14:29:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2013/06/17 19:48:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:D339C66D
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >

OTL logfile created on: 7/1/2013 3:35:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.04% Memory free
4.01 Gb Paging File | 2.43 Gb Available in Paging File | 60.62% Paging File free
Paging file location(s): c:\pagefile.sys 16 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.39 Gb Total Space | 719.82 Gb Free Space | 77.28% Space Free | Partition Type: NTFS
Drive D: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 120.00 Mb Total Space | 51.52 Mb Free Space | 42.94% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC56456 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\version.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\PeanutButterCup.MB\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (pxrts) -- C:\Windows\SysNative\drivers\pxrts.sys (Prevx)
DRV:64bit: - (ElRawDisk) -- C:\Windows\SysNative\drivers\ElRawDsk.sys (EldoS Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (ssmirrdr) -- C:\Windows\SysNative\drivers\ssmirrdr.sys (support.com, Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 DC 5E A6 A6 C0 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 76 3C 43 0D 61 6C D6 45 99 7D 04 DC 80 1D AE DC [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.GamingWonderland.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUpx64: File not found



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Disabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Raindrops = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil\1.0.0.2_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/30 06:38:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32B93DD8-D672-4D17-9E2F-4068DA6239E6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{406374BE-75AA-4690-AC4B-45E02E89C57B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AAC767A-3423-40B1-AEA8-3A4D8CBBDEF0}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc - No CLSID value found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/01 03:34:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/07/01 03:29:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/01 03:28:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/01 03:27:58 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/01 03:27:11 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe
[2013/06/30 23:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/06/30 23:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/06/30 22:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/06/30 21:46:00 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/30 21:45:18 | 001,933,758 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/06/30 20:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/06/30 19:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/06/30 19:16:38 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2013/06/30 19:09:47 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.exe
[2013/06/30 18:36:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/30 18:26:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/30 18:26:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/30 18:26:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/30 18:26:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/06/30 18:25:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/30 18:23:52 | 005,084,517 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/06/30 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Online Backup
[2013/06/30 08:41:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\mbam-chameleon-1.62.1.1000
[2013/06/30 06:00:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
[2013/06/30 06:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2013/06/30 06:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2013/06/30 06:00:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/06/30 05:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiPanties
[2013/06/28 03:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PeanutButterCup.MB
[2013/06/28 03:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/28 03:47:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/06/28 03:34:30 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysNative\VCCLSID.exe
[2013/06/28 03:34:30 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysNative\SrchSTS.exe
[2013/06/28 03:34:30 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysNative\swreg.exe
[2013/06/28 03:34:30 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\VACFix.exe
[2013/06/28 03:34:30 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\IEDFix.exe
[2013/06/28 03:34:30 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\IEDFix.C.exe
[2013/06/28 03:34:30 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\404Fix.exe
[2013/06/28 03:34:30 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\o4Patch.exe
[2013/06/28 03:34:30 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysNative\swxcacls.exe
[2013/06/28 03:34:30 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\Agent.OMZ.Fix.exe
[2013/06/28 03:34:29 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysNative\Process.exe
[2013/06/27 11:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/06/24 23:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/06/24 23:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/06/24 23:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/06/24 22:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/06/24 20:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/06/24 20:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2013/06/24 20:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeapFrog
[2013/06/24 06:44:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TrojanHunter
[2013/06/24 06:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.5
[2013/06/23 17:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/06/23 05:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/06/23 05:27:15 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/06/23 04:37:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/06/23 04:29:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Oracle
[2013/06/23 03:22:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/06/23 03:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/06/23 02:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/23 01:13:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\ProcAlyzer Dumps
[2013/06/21 20:36:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/06/21 20:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/06/21 20:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/06/21 20:32:40 | 000,000,000 | R--D | C] -- C:\Users\Owner\SkyDrive
[2013/06/21 20:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/06/21 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Live
[2013/06/21 20:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/06/21 12:34:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New folder
[2013/06/21 12:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/06/21 06:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/06/21 04:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2013/06/21 04:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DV TS
[2013/06/21 04:26:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Aiptek-Driver_V50
[2013/06/21 01:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/06/20 20:16:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CRE
[2013/06/20 18:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFConfig
[2013/06/19 21:12:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\NetworkConfiguration
[2013/06/19 18:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/19 15:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013/06/19 15:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013/06/19 02:46:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Conceiva
[2013/06/19 00:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaFire Express
[2013/06/18 16:57:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Converted Vids
[2013/06/17 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\DutchDuckIndexDat
[2013/06/17 18:11:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Index.Dat Viewer 3
[2013/06/15 09:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
[2013/06/14 05:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mezzmo
[2013/06/14 03:36:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Mezzmo.2.7.1.0 Cracked
[2013/06/13 16:56:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PowerUp Software
[2013/06/13 16:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PowerUp Software
[2013/06/13 16:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Game Profiler
[2013/06/13 16:53:05 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dx7vb.dll
[2013/06/13 16:53:05 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswinsck.ocx
[2013/06/13 16:53:05 | 000,094,208 | R-S- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll
[2013/06/13 16:53:05 | 000,091,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsofile.dll
[2013/06/13 16:53:05 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DB.DLL
[2013/06/13 16:53:04 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.OCX
[2013/06/13 16:53:04 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comct232.ocx
[2013/06/13 16:53:04 | 000,045,056 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\NTSVC.ocx
[2013/06/13 16:53:04 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[2013/06/13 16:53:03 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advp9109.rra
[2013/06/13 16:53:03 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vers9203.rra
[2013/06/13 16:53:03 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsoc928f.rra
[2013/06/13 16:53:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shfo9176.rra
[2013/06/13 16:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerUp Software
[2013/06/13 16:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/06/13 16:46:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\BigHugeEngine
[2013/06/13 16:39:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SKIDROW
[2013/06/13 16:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013/06/13 16:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2013/06/12 20:34:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/12 20:34:11 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/12 08:37:12 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/12 08:37:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/12 08:37:12 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/12 08:37:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/12 08:37:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/12 08:37:12 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/12 08:37:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/12 08:37:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/12 08:37:12 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/12 08:37:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/12 08:37:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/12 08:37:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 08:37:09 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/12 08:06:08 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 08:06:08 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 08:05:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 08:05:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 08:05:53 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/12 08:05:50 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 08:05:49 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 08:05:49 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 08:05:49 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 08:05:49 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 08:05:49 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 08:05:42 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/12 08:05:42 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/10 19:58:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\New folder
[2013/06/10 16:52:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Media Player Classic
[2013/06/09 00:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity
[2013/06/08 04:52:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Nero
[2013/06/08 04:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/01 03:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/07/01 03:33:50 | 000,890,988 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/07/01 03:33:01 | 000,890,988 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck (1).exe
[2013/07/01 03:27:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe
[2013/07/01 03:24:59 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/07/01 03:24:18 | 000,024,777 | ---- | M] () -- C:\Users\Owner\Desktop\download (1).htm
[2013/07/01 03:23:34 | 000,016,374 | ---- | M] () -- C:\Users\Owner\Desktop\download.htm
[2013/07/01 03:17:34 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/01 03:17:34 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/01 03:10:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/01 03:10:09 | 000,435,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/01 01:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/30 21:45:23 | 001,933,758 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/06/30 20:11:33 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce75ef8b016100.job
[2013/06/30 19:16:38 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2013/06/30 19:09:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.exe
[2013/06/30 18:57:08 | 000,648,201 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/06/30 18:23:58 | 005,084,517 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/06/30 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/06/30 17:03:53 | 000,000,855 | ---- | M] () -- C:\Users\Owner\Desktop\Install GMER.lnk
[2013/06/30 13:39:48 | 002,493,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/30 13:39:48 | 000,750,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/30 13:39:48 | 000,007,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/30 08:34:08 | 000,007,520 | ---- | M] () -- C:\Users\Owner\Documents\cc_20130630_083400.reg
[2013/06/30 06:38:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/30 06:10:42 | 000,712,264 | ---- | M] () -- C:\Windows\is-2G064.exe
[2013/06/30 06:10:42 | 000,011,277 | ---- | M] () -- C:\Windows\is-2G064.msg
[2013/06/30 06:10:42 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/30 06:10:42 | 000,000,358 | ---- | M] () -- C:\Windows\is-2G064.lst
[2013/06/30 06:00:46 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/06/30 05:32:56 | 000,002,995 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/06/28 04:36:52 | 000,000,646 | ---- | M] () -- C:\Users\Owner\Documents\HIjackerfiles.reg
[2013/06/28 03:38:22 | 000,000,035 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\SetValue.bat
[2013/06/27 18:46:01 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 18:46:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 18:46:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 18:46:00 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 18:46:00 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 18:46:00 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/27 18:44:51 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2013/06/27 17:48:42 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2013/06/25 06:39:44 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/25 06:39:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/24 06:51:34 | 000,164,694 | ---- | M] () -- C:\Users\Owner\AppData\Local\census.cache
[2013/06/24 06:51:24 | 000,098,539 | ---- | M] () -- C:\Users\Owner\AppData\Local\ars.cache
[2013/06/24 06:43:58 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2013/06/19 12:00:00 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job
[2013/06/19 09:57:50 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI
[2013/06/19 02:42:33 | 000,000,835 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/06/19 02:13:48 | 000,020,676 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2013/06/17 19:53:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/06/15 06:15:51 | 000,227,840 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/13 16:53:15 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
[2013/06/13 16:37:39 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
[2013/06/10 16:47:00 | 000,268,589 | ---- | M] () -- C:\Users\Owner\Documents\ClemencyRequestForm.pdf
[2013/06/08 23:23:52 | 000,002,411 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero MediaHome 4.lnk
[2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/01 03:33:49 | 000,890,988 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/07/01 03:32:52 | 000,890,988 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck (1).exe
[2013/07/01 03:24:17 | 000,024,777 | ---- | C] () -- C:\Users\Owner\Desktop\download (1).htm
[2013/07/01 03:23:29 | 000,016,374 | ---- | C] () -- C:\Users\Owner\Desktop\download.htm
[2013/06/30 20:11:33 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce75ef8b016100.job
[2013/06/30 18:57:05 | 000,648,201 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/06/30 18:26:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/30 18:26:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/30 18:26:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/30 18:26:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/30 18:26:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/30 17:03:53 | 000,000,855 | ---- | C] () -- C:\Users\Owner\Desktop\Install GMER.lnk
[2013/06/30 08:34:07 | 000,007,520 | ---- | C] () -- C:\Users\Owner\Documents\cc_20130630_083400.reg
[2013/06/30 06:10:42 | 000,712,264 | ---- | C] () -- C:\Windows\is-2G064.exe
[2013/06/30 06:10:42 | 000,011,277 | ---- | C] () -- C:\Windows\is-2G064.msg
[2013/06/30 06:10:42 | 000,000,358 | ---- | C] () -- C:\Windows\is-2G064.lst
[2013/06/30 06:00:58 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/06/30 06:00:46 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/06/30 05:32:56 | 000,002,995 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/06/28 04:36:51 | 000,000,646 | ---- | C] () -- C:\Users\Owner\Documents\HIjackerfiles.reg
[2013/06/28 03:47:19 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/28 03:36:34 | 000,000,035 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\SetValue.bat
[2013/06/28 03:34:30 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\WS2Fix.exe
[2013/06/28 03:34:30 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\dumphive.exe
[2013/06/28 03:34:30 | 000,040,960 | ---- | C] () -- C:\Windows\SysNative\swsc.exe
[2013/06/27 18:46:02 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 18:46:02 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/27 18:46:01 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/24 06:51:34 | 000,164,694 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache
[2013/06/24 06:51:24 | 000,098,539 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache
[2013/06/24 06:43:58 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2013/06/23 22:44:31 | 000,727,532 | ---- | C] () -- C:\Users\Owner\Documents\210.JPG
[2013/06/19 02:13:48 | 000,020,676 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2013/06/17 19:53:23 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2013/06/14 04:58:37 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2013/06/13 16:53:15 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
[2013/06/13 16:53:04 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2013/06/13 16:53:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2013/06/13 16:53:03 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2013/06/13 16:37:39 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
[2013/06/10 16:47:00 | 000,268,589 | ---- | C] () -- C:\Users\Owner\Documents\ClemencyRequestForm.pdf
[2013/06/08 22:40:56 | 000,002,411 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero MediaHome 4.lnk
[2013/05/01 04:12:50 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/04/26 02:12:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013/04/26 02:12:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2013/04/26 02:12:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2013/04/22 07:49:12 | 001,187,697 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/22 07:49:12 | 000,001,243 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/14 17:55:50 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2013/04/13 04:57:35 | 000,000,052 | ---- | C] () -- C:\Windows\mafosav.INI
[2013/02/07 17:42:47 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013/02/06 10:41:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/02/05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/02/05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/02/09 05:36:43 | 000,004,096 | ---- | C] () -- C:\Users\Owner\AppData\Local\keyfile3.drm
[2011/11/25 15:21:13 | 000,002,395 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/11/23 12:01:24 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/10/17 21:14:54 | 000,227,840 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 13:12:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/10/11 01:17:35 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2011/10/10 22:17:14 | 000,792,878 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/15 21:08:33 | 000,007,596 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2011/01/04 16:38:18 | 000,086,371 | ---- | C] () -- C:\ProgramData\bdinstall.bin

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/17 19:43:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.purple
[2011/10/20 19:15:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2013/06/17 19:48:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InfinaDyne
[2013/03/03 01:17:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics
[2013/04/06 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nico Mak Computing
[2011/12/23 13:33:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oberon Media
[2013/06/23 04:29:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2013/06/17 19:48:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PowerISO
[2013/06/13 16:56:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PowerUp Software
[2013/04/06 05:47:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\QuickScan
[2013/03/03 05:38:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung
[2013/04/03 18:05:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Solvusoft
[2011/06/27 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\supportdotcom
[2013/06/24 06:44:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TrojanHunter
[2013/06/24 14:29:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2013/06/17 19:48:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:D339C66D
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >

OTL logfile created on: 7/1/2013 3:35:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.04% Memory free
4.01 Gb Paging File | 2.43 Gb Available in Paging File | 60.62% Paging File free
Paging file location(s): c:\pagefile.sys 16 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.39 Gb Total Space | 719.82 Gb Free Space | 77.28% Space Free | Partition Type: NTFS
Drive D: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 120.00 Mb Total Space | 51.52 Mb Free Space | 42.94% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC56456 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\version.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\PeanutButterCup.MB\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (pxrts) -- C:\Windows\SysNative\drivers\pxrts.sys (Prevx)
DRV:64bit: - (ElRawDisk) -- C:\Windows\SysNative\drivers\ElRawDsk.sys (EldoS Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (ssmirrdr) -- C:\Windows\SysNative\drivers\ssmirrdr.sys (support.com, Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 DC 5E A6 A6 C0 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 76 3C 43 0D 61 6C D6 45 99 7D 04 DC 80 1D AE DC [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.GamingWonderland.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUpx64: File not found



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Disabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Raindrops = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil\1.0.0.2_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/30 06:38:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32B93DD8-D672-4D17-9E2F-4068DA6239E6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{406374BE-75AA-4690-AC4B-45E02E89C57B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AAC767A-3423-40B1-AEA8-3A4D8CBBDEF0}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\belarc - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc - No CLSID value found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/01 03:34:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/07/01 03:29:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/01 03:28:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/01 03:27:58 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/01 03:27:11 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe
[2013/06/30 23:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/06/30 23:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/06/30 22:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/06/30 21:46:00 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/30 21:45:18 | 001,933,758 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/06/30 20:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/06/30 19:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/06/30 19:16:38 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2013/06/30 19:09:47 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.exe
[2013/06/30 18:36:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/30 18:26:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/30 18:26:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/30 18:26:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/30 18:26:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/06/30 18:25:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/30 18:23:52 | 005,084,517 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/06/30 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Online Backup
[2013/06/30 08:41:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\mbam-chameleon-1.62.1.1000
[2013/06/30 06:00:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
[2013/06/30 06:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2013/06/30 06:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2013/06/30 06:00:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/06/30 05:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiPanties
[2013/06/28 03:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PeanutButterCup.MB
[2013/06/28 03:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/28 03:47:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/06/28 03:34:30 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysNative\VCCLSID.exe
[2013/06/28 03:34:30 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysNative\SrchSTS.exe
[2013/06/28 03:34:30 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysNative\swreg.exe
[2013/06/28 03:34:30 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\VACFix.exe
[2013/06/28 03:34:30 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\IEDFix.exe
[2013/06/28 03:34:30 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\IEDFix.C.exe
[2013/06/28 03:34:30 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\404Fix.exe
[2013/06/28 03:34:30 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\o4Patch.exe
[2013/06/28 03:34:30 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysNative\swxcacls.exe
[2013/06/28 03:34:30 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\Agent.OMZ.Fix.exe
[2013/06/28 03:34:29 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysNative\Process.exe
[2013/06/27 11:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/06/24 23:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/06/24 23:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/06/24 23:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/06/24 22:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/06/24 20:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/06/24 20:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2013/06/24 20:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeapFrog
[2013/06/24 06:44:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TrojanHunter
[2013/06/24 06:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.5
[2013/06/23 17:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/06/23 05:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/06/23 05:27:15 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/06/23 04:37:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/06/23 04:29:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Oracle
[2013/06/23 03:22:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/06/23 03:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/06/23 02:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/23 01:13:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\ProcAlyzer Dumps
[2013/06/21 20:36:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/06/21 20:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/06/21 20:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/06/21 20:32:40 | 000,000,000 | R--D | C] -- C:\Users\Owner\SkyDrive
[2013/06/21 20:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/06/21 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Live
[2013/06/21 20:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/06/21 12:34:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New folder
[2013/06/21 12:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/06/21 06:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/06/21 04:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2013/06/21 04:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DV TS
[2013/06/21 04:26:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Aiptek-Driver_V50
[2013/06/21 01:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/06/20 20:16:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CRE
[2013/06/20 18:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFConfig
[2013/06/19 21:12:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\NetworkConfiguration
[2013/06/19 18:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/19 15:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013/06/19 15:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013/06/19 02:46:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Conceiva
[2013/06/19 00:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaFire Express
[2013/06/18 16:57:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Converted Vids
[2013/06/17 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\DutchDuckIndexDat
[2013/06/17 18:11:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Index.Dat Viewer 3
[2013/06/15 09:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
[2013/06/14 05:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mezzmo
[2013/06/14 03:36:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Mezzmo.2.7.1.0 Cracked
[2013/06/13 16:56:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PowerUp Software
[2013/06/13 16:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PowerUp Software
[2013/06/13 16:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Game Profiler
[2013/06/13 16:53:05 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dx7vb.dll
[2013/06/13 16:53:05 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswinsck.ocx
[2013/06/13 16:53:05 | 000,094,208 | R-S- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll
[2013/06/13 16:53:05 | 000,091,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsofile.dll
[2013/06/13 16:53:05 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DB.DLL
[2013/06/13 16:53:04 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.OCX
[2013/06/13 16:53:04 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comct232.ocx
[2013/06/13 16:53:04 | 000,045,056 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\NTSVC.ocx
[2013/06/13 16:53:04 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[2013/06/13 16:53:03 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advp9109.rra
[2013/06/13 16:53:03 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vers9203.rra
[2013/06/13 16:53:03 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsoc928f.rra
[2013/06/13 16:53:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shfo9176.rra
[2013/06/13 16:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerUp Software
[2013/06/13 16:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/06/13 16:46:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\BigHugeEngine
[2013/06/13 16:39:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SKIDROW
[2013/06/13 16:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013/06/13 16:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2013/06/12 20:34:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/12 20:34:11 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/12 08:37:12 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/12 08:37:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/12 08:37:12 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/12 08:37:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/12 08:37:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/12 08:37:12 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/12 08:37:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/12 08:37:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/12 08:37:12 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/12 08:37:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/12 08:37:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/12 08:37:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 08:37:09 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/12 08:06:08 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 08:06:08 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 08:05:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 08:05:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 08:05:53 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/12 08:05:50 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 08:05:49 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 08:05:49 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 08:05:49 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 08:05:49 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 08:05:49 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 08:05:42 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/12 08:05:42 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/10 19:58:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\New folder
[2013/06/10 16:52:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Media Player Classic
[2013/06/09 00:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity
[2013/06/08 04:52:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Nero
[2013/06/08 04:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/01 03:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/07/01 03:33:50 | 000,890,988 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/07/01 03:33:01 | 000,890,988 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck (1).exe
[2013/07/01 03:27:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe
[2013/07/01 03:24:59 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/07/01 03:24:18 | 000,024,777 | ---- | M] () -- C:\Users\Owner\Desktop\download (1).htm
[2013/07/01 03:23:34 | 000,016,374 | ---- | M] () -- C:\Users\Owner\Desktop\download.htm
[2013/07/01 03:17:34 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/01 03:17:34 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/01 03:10:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/01 03:10:09 | 000,435,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/01 01:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/30 21:45:23 | 001,933,758 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/06/30 20:11:33 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce75ef8b016100.job
[2013/06/30 19:16:38 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2013/06/30 19:09:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.exe
[2013/06/30 18:57:08 | 000,648,201 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/06/30 18:23:58 | 005,084,517 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/06/30 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/06/30 17:03:53 | 000,000,855 | ---- | M] () -- C:\Users\Owner\Desktop\Install GMER.lnk
[2013/06/30 13:39:48 | 002,493,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/30 13:39:48 | 000,750,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/30 13:39:48 | 000,007,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/30 08:34:08 | 000,007,520 | ---- | M] () -- C:\Users\Owner\Documents\cc_20130630_083400.reg
[2013/06/30 06:38:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/30 06:10:42 | 000,712,264 | ---- | M] () -- C:\Windows\is-2G064.exe
[2013/06/30 06:10:42 | 000,011,277 | ---- | M] () -- C:\Windows\is-2G064.msg
[2013/06/30 06:10:42 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/30 06:10:42 | 000,000,358 | ---- | M] () -- C:\Windows\is-2G064.lst
[2013/06/30 06:00:46 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/06/30 05:32:56 | 000,002,995 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/06/28 04:36:52 | 000,000,646 | ---- | M] () -- C:\Users\Owner\Documents\HIjackerfiles.reg
[2013/06/28 03:38:22 | 000,000,035 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\SetValue.bat
[2013/06/27 18:46:01 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 18:46:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 18:46:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 18:46:00 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 18:46:00 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 18:46:00 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/27 18:44:51 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2013/06/27 17:48:42 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2013/06/25 06:39:44 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/25 06:39:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/24 06:51:34 | 000,164,694 | ---- | M] () -- C:\Users\Owner\AppData\Local\census.cache
[2013/06/24 06:51:24 | 000,098,539 | ---- | M] () -- C:\Users\Owner\AppData\Local\ars.cache
[2013/06/24 06:43:58 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2013/06/19 12:00:00 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job
[2013/06/19 09:57:50 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI
[2013/06/19 02:42:33 | 000,000,835 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/06/19 02:13:48 | 000,020,676 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2013/06/17 19:53:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/06/15 06:15:51 | 000,227,840 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/13 16:53:15 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
[2013/06/13 16:37:39 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
[2013/06/10 16:47:00 | 000,268,589 | ---- | M] () -- C:\Users\Owner\Documents\ClemencyRequestForm.pdf
[2013/06/08 23:23:52 | 000,002,411 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero MediaHome 4.lnk
[2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/01 03:33:49 | 000,890,988 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/07/01 03:32:52 | 000,890,988 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck (1).exe
[2013/07/01 03:24:17 | 000,024,777 | ---- | C] () -- C:\Users\Owner\Desktop\download (1).htm
[2013/07/01 03:23:29 | 000,016,374 | ---- | C] () -- C:\Users\Owner\Desktop\download.htm
[2013/06/30 20:11:33 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce75ef8b016100.job
[2013/06/30 18:57:05 | 000,648,201 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/06/30 18:26:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/30 18:26:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/30 18:26:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/30 18:26:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/30 18:26:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/30 17:03:53 | 000,000,855 | ---- | C] () -- C:\Users\Owner\Desktop\Install GMER.lnk
[2013/06/30 08:34:07 | 000,007,520 | ---- | C] () -- C:\Users\Owner\Documents\cc_20130630_083400.reg
[2013/06/30 06:10:42 | 000,712,264 | ---- | C] () -- C:\Windows\is-2G064.exe
[2013/06/30 06:10:42 | 000,011,277 | ---- | C] () -- C:\Windows\is-2G064.msg
[2013/06/30 06:10:42 | 000,000,358 | ---- | C] () -- C:\Windows\is-2G064.lst
[2013/06/30 06:00:58 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/06/30 06:00:46 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/06/30 05:32:56 | 000,002,995 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/06/28 04:36:51 | 000,000,646 | ---- | C] () -- C:\Users\Owner\Documents\HIjackerfiles.reg
[2013/06/28 03:47:19 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/28 03:36:34 | 000,000,035 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\SetValue.bat
[2013/06/28 03:34:30 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\WS2Fix.exe
[2013/06/28 03:34:30 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\dumphive.exe
[2013/06/28 03:34:30 | 000,040,960 | ---- | C] () -- C:\Windows\SysNative\swsc.exe
[2013/06/27 18:46:02 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 18:46:02 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/27 18:46:01 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/24 06:51:34 | 000,164,694 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache
[2013/06/24 06:51:24 | 000,098,539 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache
[2013/06/24 06:43:58 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2013/06/23 22:44:31 | 000,727,532 | ---- | C] () -- C:\Users\Owner\Documents\210.JPG
[2013/06/19 02:13:48 | 000,020,676 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2013/06/17 19:53:23 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2013/06/14 04:58:37 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2013/06/13 16:53:15 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
[2013/06/13 16:53:04 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2013/06/13 16:53:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2013/06/13 16:53:03 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2013/06/13 16:37:39 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
[2013/06/10 16:47:00 | 000,268,589 | ---- | C] () -- C:\Users\Owner\Documents\ClemencyRequestForm.pdf
[2013/06/08 22:40:56 | 000,002,411 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero MediaHome 4.lnk
[2013/05/01 04:12:50 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/04/26 02:12:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013/04/26 02:12:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2013/04/26 02:12:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2013/04/22 07:49:12 | 001,187,697 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/22 07:49:12 | 000,001,243 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/14 17:55:50 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2013/04/13 04:57:35 | 000,000,052 | ---- | C] () -- C:\Windows\mafosav.INI
[2013/02/07 17:42:47 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013/02/06 10:41:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/02/05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/02/05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/02/09 05:36:43 | 000,004,096 | ---- | C] () -- C:\Users\Owner\AppData\Local\keyfile3.drm
[2011/11/25 15:21:13 | 000,002,395 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/11/23 12:01:24 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/10/17 21:14:54 | 000,227,840 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 13:12:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/10/11 01:17:35 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2011/10/10 22:17:14 | 000,792,878 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/15 21:08:33 | 000,007,596 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2011/01/04 16:38:18 | 000,086,371 | ---- | C] () -- C:\ProgramData\bdinstall.bin

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/17 19:43:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.purple
[2011/10/20 19:15:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2013/06/17 19:48:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InfinaDyne
[2013/03/03 01:17:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics
[2013/04/06 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nico Mak Computing
[2011/12/23 13:33:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oberon Media
[2013/06/23 04:29:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2013/06/17 19:48:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PowerISO
[2013/06/13 16:56:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PowerUp Software
[2013/04/06 05:47:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\QuickScan
[2013/03/03 05:38:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung
[2013/04/03 18:05:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Solvusoft
[2011/06/27 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\supportdotcom
[2013/06/24 06:44:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TrojanHunter
[2013/06/24 14:29:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2013/06/17 19:48:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:D339C66D
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
Windows Product ID: 00359-OEM-8992687-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {82642322-8F8E-45F3-8818-43177B4D0989}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-1533
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{82642322-8F8E-45F3-8818-43177B4D0989}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-2841162561-682868603-3290484309</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>M68MT-D3</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F2</Version><SMBIOSVersion major="2" minor="4"/><Date>20100614000000.000000+000</Date></BIOS><HWID>EFAF3707018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>GBT </OEMID><OEMTableID>GBTUACPI</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800006-02-1033-7601.0000-0952013
Installation ID: 020052952055581125364122993440191791863921444586447844
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: 7QJB7
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 7/1/2013 7:41:19 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEAAgABAAEAAgABAAAAAQABAAEA6GFsjvpkFreSAOzkvOMQWcSW9JjuAUIa

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC GBT NVDAACPI
FACP GBT NVDAACPI
HPET GBT NVDAACPI
MCFG GBT NVDAACPI
SSDT PTLTD POWERNOW
SLIC GBT GBTUACPI
TAMG GBT GBT B0
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello dmountz1983,

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

    :OTL
    IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
    FF - HKLM\Software\MozillaPlugins\@ei.GamingWonderland.com/Plugin: File not found
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
    FF - HKCU\Software\MozillaPlugins\intel.com/AppUpx64: File not found
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:D339C66D

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
After that

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.
When you return please post
  • OTL fix log
  • ESET log

  • 0

#11
dmountz1983

dmountz1983

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
C:\Users\Owner\Documents\uTorrentDownloads\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.RegistryEasy application
C:\Users\Owner\Documents\uTorrentDownloads\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\Crack\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application
C:\Users\Owner\Downloads\super-mario (1).exe a variant of Win32/Kryptik.PVK trojan
C:\Users\Owner\Downloads\super-mario (2).exe a variant of Win32/Kryptik.PVK trojan
C:\Users\Owner\Downloads\super-mario (3).exe a variant of Win32/Kryptik.PVK trojan
C:\Users\Owner\Downloads\super-mario.exe a variant of Win32/Kryptik.PVK trojan
C:\Users\Owner\Videos\Movies\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.RegistryEasy application
C:\Documents and Settings\Owner\Documents\uTorrentDownloads\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Documents\uTorrentDownloads\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\Crack\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Downloads\super-mario (1).exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Downloads\super-mario (2).exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Downloads\super-mario (3).exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Downloads\super-mario.exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Videos\Movies\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Users\Owner\Documents\uTorrentDownloads\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Users\Owner\Documents\uTorrentDownloads\Advanced PC Tweaker v4.2 Including Crack + Key [h33t][iahq76]\Crack\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Users\Owner\Downloads\super-mario (1).exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Users\Owner\Downloads\super-mario (2).exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Users\Owner\Downloads\super-mario (3).exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Users\Owner\Downloads\super-mario.exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined


All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.GamingWonderland.com/Plugin\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@oberon-media.com/ONCAdapter\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\intel.com/AppUpx64\ not found.
Unable to delete ADS C:\ProgramData\Temp:D339C66D .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes

User: Guest.Owner-PC56456
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-OWNER-PC56456
->Temp folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2139 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 8054580 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17018248 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 24.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07012013_221946

Files\Folders moved on Reboot...
File move failed. C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0
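The ESET log in the reply above reports the same few files several times over, through different path names. The following is an added example, not part of the thread or of any tool used in it, that groups such lines by real file and checks that every copy has a clean action logged; it assumes the log line format shown above, that `C:\Documents and Settings` is the Windows 7 junction onto `C:\Users`, and that `FRStaging` holds separate System Restore copies.

```python
import re

# Subset of the ESET log lines posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
C:\Users\Owner\Downloads\super-mario.exe a variant of Win32/Kryptik.PVK trojan
C:\Users\Owner\Downloads\super-mario (1).exe a variant of Win32/Kryptik.PVK trojan
C:\Documents and Settings\Owner\Downloads\super-mario.exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Downloads\super-mario (1).exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Users\Owner\Downloads\super-mario.exe a variant of Win32/Kryptik.PVK trojan cleaned by deleting - quarantined
"""

# path, optional "a variant of", detection name, kind, optional clean action
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?(?P<threat>\w+/\S+)"
    r"\s+(?P<kind>trojan|application)(?:\s+(?P<action>cleaned\b.*))?$"
)

# Assumptions of this example: on Windows 7 "C:\Documents and Settings" is a
# junction onto C:\Users (same file, second name), while FRStaging under
# System Volume Information holds separate System Restore copies.
JUNCTION = "c:\\documents and settings\\"
STAGING = "c:\\system volume information\\systemrestore\\frstaging\\"

def classify(path):
    """Return (canonical path, 'live' or 'staging') for a reported path."""
    p, copy = path.lower(), "live"
    if p.startswith(STAGING):
        p, copy = "c:\\" + p[len(STAGING):], "staging"
    if p.startswith(JUNCTION):
        p = "c:\\users\\" + p[len(JUNCTION):]
    return p, copy

def summarize(log_text):
    """Group detection lines by real file; return (files, skipped_lines)."""
    files, skipped = {}, []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            skipped.append(line)  # keep unparsed lines visible for review
            continue
        path, copy = classify(m["path"])
        entry = files.setdefault(path, {"threat": m["threat"], "copies": {}})
        cleaned = m["action"] is not None
        # A copy counts as cleaned if any line naming it logged a clean action.
        entry["copies"][copy] = entry["copies"].get(copy, False) or cleaned
    return files, skipped

def uncleaned(files):
    """Canonical paths that still have a copy with no clean action logged."""
    return [p for p, e in files.items() if not all(e["copies"].values())]

if __name__ == "__main__":
    files, skipped = summarize(SAMPLE_LOG)
    for path, entry in files.items():
        print(entry["threat"], entry["copies"], path)
    print("still present:", uncleaned(files), "unparsed:", skipped)
```

A line reported under `C:\Users` with no action and again under `C:\Documents and Settings` as quarantined is folded into one cleaned file, while a staging copy is tracked separately because it is a second file on disk.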

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
How is your machine now?
  • 0

#13
dmountz1983

dmountz1983

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
No hanging, no lagging... seems to be in better shape. I'm not sure of the initial point of entry for the malware, but I believe misconfiguring Media Streaming is the frontrunner for taking the blame. Please let me know if this idea is valid. Thank you very much for your help!
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again dmountz1983,

"I'm not sure of the initial point of entry for the malware, but I believe misconfiguring Media Streaming is the frontrunner for taking the blame. Please let me know if this idea is valid."


Could be the source.

There were a number of things.

I am not certain exactly what was the entry point but these figured in cleaning up:

search provider

SearchScopes: HKCU - Comcast URL = http://search.comcas...q={searchTerms}

strongvault online backup

And

advanced pc tweaker

There was also what looked to me like some corruption in the BootExecute: Possibly you used Bitdefender at some stage and it somehow got corrupted?

Now

I think you are good to go.

We have a couple of last steps to perform and then you're all set.

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Any other tools remaining may be deleted.

Next, we need to clean your restore points and set a new one:

Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the radio button Configure.
  • Under Disk Space Usage, click the radio button Delete.
  • Click Continue, and then click OK.
-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





