Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Suspected Virus disabling network adapter [Solved]


  • This topic is locked This topic is locked

#1
Richk138

Richk138

    Member

  • Member
  • PipPipPip
  • 190 posts
After removing several viruses with several scanners the computer will not stay connected or navigate to any malware removal sites without disabling the network card. It will go to other sites such as yahoo or google fine. I ran an OTL scan and here are the results. Thank you in advance.

OTL logfile created on: 1/17/2014 08:29:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 37.43% Memory free
5.49 Gb Paging File | 3.34 Gb Available in Paging File | 60.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.46 Gb Total Space | 185.35 Gb Free Space | 65.85% Space Free | Partition Type: NTFS
Drive D: | 16.33 Gb Total Space | 2.35 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
Drive E: | 39.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 99.34 Mb Total Space | 89.17 Mb Free Space | 89.76% Space Free | Partition Type: FAT32

Computer Name: dcouchen | User Name: dcouchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/16 16:22:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2013/12/04 18:23:36 | 004,161,512 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2013/07/01 14:28:16 | 000,196,896 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe
PRC - [2013/07/01 14:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
PRC - [2013/07/01 14:28:16 | 000,083,232 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriTray.exe
PRC - [2013/07/01 14:28:14 | 000,043,296 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriControl.exe
PRC - [2013/07/01 14:28:14 | 000,022,304 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe
PRC - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/12/17 13:46:48 | 000,506,720 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/10/31 13:39:40 | 019,071,672 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/03/10 19:36:18 | 000,136,352 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/29 02:40:14 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/29 02:29:04 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/29 02:28:25 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/29 02:28:03 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/29 02:27:53 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/21 17:48:15 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/17 23:58:39 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/17 23:57:37 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\033da6b735d41afaa20309b5e87e2ae0\UIAutomationTypes.ni.dll
MOD - [2013/07/17 23:57:04 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/04/15 17:56:17 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2013/04/15 17:56:16 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2013/04/15 17:56:15 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2012/12/12 00:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/04 10:13:21 | 000,123,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/12/17 13:47:02 | 000,231,792 | ---- | M] () -- C:\Windows\libactivboardex.dll
MOD - [2010/12/17 13:46:56 | 000,345,440 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtXml4.dll
MOD - [2010/12/17 13:46:54 | 000,919,912 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtNetwork4.dll
MOD - [2010/12/17 13:46:52 | 008,189,280 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtGui4.dll
MOD - [2010/12/17 13:46:50 | 002,291,552 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\QtCore4.dll
MOD - [2010/12/17 13:46:48 | 000,506,720 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
MOD - [2010/11/04 20:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/05/19 12:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 12:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 12:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/02/09 20:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 20:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 20:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 20:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 20:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 20:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 20:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 20:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/16 15:34:58 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 11:59:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/19 20:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/12/04 18:23:36 | 004,161,512 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013/10/02 20:46:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/01 14:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2013/07/01 14:28:14 | 000,022,304 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2013/07/01 14:28:12 | 003,623,200 | ---- | M] (Sendori) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/06 09:43:32 | 000,120,152 | ---- | M] (WeFi) [On_Demand | Stopped] -- C:\Program Files (x86)\WeFi\WefiEngSvc.exe -- (WefiEngSvc)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 19:36:18 | 000,136,352 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe -- (klnagent)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/02/22 11:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/17 12:07:42 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/17 11:10:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/07 14:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 08:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/22 20:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/22 20:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/12/04 18:23:36 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys -- (cleanhlp)
DRV - [2013/08/24 17:22:58 | 000,070,960 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2013/03/28 18:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{5DECF223-E9AF-465E-A466-43BB64D3E853}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{65F306BD-33E8-4CF2-A940-45F85D0B3002}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{C53E3225-AF0B-4917-9442-34D406D547A0}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{EE09A265-34BB-4CBB-814C-4B3253BEF4CF}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{65F306BD-33E8-4CF2-A940-45F85D0B3002}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C53E3225-AF0B-4917-9442-34D406D547A0}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{EE09A265-34BB-4CBB-814C-4B3253BEF4CF}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/...015&form=ZGAIDF
IE - HKCU\..\SearchScopes\{65F306BD-33E8-4CF2-A940-45F85D0B3002}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SKPT_enUS405
IE - HKCU\..\SearchScopes\{C53E3225-AF0B-4917-9442-34D406D547A0}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{EE09A265-34BB-4CBB-814C-4B3253BEF4CF}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Daniel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\31.0.1650.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/01/16 12:32:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ActivControl] C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe (Promethean Technologies Group Ltd)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 152.41.212.15 152.41.212.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAB8FEA3-89A9-4BF0-AA6E-13B8B0400D49}: DhcpNameServer = 152.41.212.15 152.41.212.16
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/17 08:31:06 | 000,000,000 | ---D | C] -- C:\525dcfad7eca50b3d91b9b
[2014/01/16 16:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2014/01/16 16:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2014/01/16 16:23:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Anti-Malware
[2014/01/16 16:22:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2014/01/16 16:15:55 | 224,608,616 | ---- | C] (Emsisoft GmbH ) -- C:\Users\Daniel\Desktop\EmsisoftAntiMalwareSetup.exe
[2014/01/16 12:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/01/16 12:36:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/16 12:19:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/16 12:19:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/16 12:19:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/16 12:19:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/16 12:18:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/16 11:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/16 11:32:04 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/16 11:20:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/16 11:09:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/16 10:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/01/16 10:34:54 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Daniel\Desktop\JRT.exe
[2014/01/16 10:34:53 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\TFC.exe
[2014/01/13 16:45:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2014/01/13 16:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/13 16:38:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/13 16:38:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/13 16:38:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Programs
[2014/01/13 16:38:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/01/13 15:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/13 15:49:42 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/13 15:47:37 | 000,389,120 | ---- | C] (Marvell) -- C:\Windows\SysNative\drivers\yk62x64.sys.bak
[2014/01/13 15:47:23 | 000,318,000 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys.bak
[2014/01/13 15:47:16 | 000,347,680 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2014/01/13 15:46:56 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/13 15:46:46 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/13 15:46:29 | 002,736,640 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys.bak
[2014/01/13 15:46:27 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014/01/02 01:46:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\CyberLink

========== Files - Modified Within 30 Days ==========

[2014/01/17 08:31:27 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/17 08:31:27 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/17 08:21:23 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/17 08:20:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/17 08:20:24 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/16 16:23:55 | 000,001,075 | ---- | M] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2014/01/16 16:23:55 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2014/01/16 16:22:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2014/01/16 16:18:48 | 224,608,616 | ---- | M] (Emsisoft GmbH ) -- C:\Users\Daniel\Desktop\EmsisoftAntiMalwareSetup.exe
[2014/01/16 16:13:54 | 000,000,280 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1A5622E0-1010-48A6-A1B9-AE136BA19528}.job
[2014/01/16 15:56:07 | 011,151,510 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/16 15:56:07 | 003,812,842 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/16 15:56:07 | 000,004,982 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/16 15:51:23 | 000,427,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/16 15:34:59 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/16 15:34:58 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/16 12:32:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/16 11:32:04 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/16 11:30:58 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/16 11:00:32 | 000,005,004 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/01/15 15:32:18 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\TFC.exe
[2014/01/15 15:26:56 | 001,236,282 | ---- | M] () -- C:\Users\Daniel\Desktop\AdwCleaner.exe
[2014/01/15 15:26:32 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Daniel\Desktop\JRT.exe
[2014/01/13 16:39:05 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/13 15:47:38 | 000,389,120 | ---- | M] (Marvell) -- C:\Windows\SysNative\drivers\yk62x64.sys.bak
[2014/01/13 15:47:23 | 000,318,000 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys.bak
[2014/01/13 15:47:16 | 000,347,680 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2014/01/13 15:46:56 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/13 15:46:46 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/13 15:46:29 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys.bak
[2014/01/13 15:46:28 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2013/12/24 04:48:43 | 000,002,331 | ---- | M] () -- C:\Users\Daniel\Desktop\Google Chrome.lnk
[2013/12/19 00:56:13 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

========== Files Created - No Company Name ==========

[2014/01/16 16:23:55 | 000,001,075 | ---- | C] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2014/01/16 16:23:55 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2014/01/16 16:13:54 | 000,000,280 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{1A5622E0-1010-48A6-A1B9-AE136BA19528}.job
[2014/01/16 15:34:59 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/16 15:34:58 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/16 12:19:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/16 12:19:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/16 12:19:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/16 12:19:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/16 12:19:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/16 11:00:32 | 000,005,004 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/01/16 10:34:53 | 001,236,282 | ---- | C] () -- C:\Users\Daniel\Desktop\AdwCleaner.exe
[2014/01/13 16:39:05 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/03/03 11:32:58 | 000,001,854 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\GhostObjGAFix.xml
[2010/11/23 18:51:13 | 000,004,608 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/03/17 09:04:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ACTIV Software
[2011/12/02 01:32:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Azureus
[2012/10/14 18:57:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoft
[2011/01/08 14:58:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\funkitron
[2010/11/23 18:07:34 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\MusicNet
[2010/12/16 00:21:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ooVoo Details
[2011/03/18 19:33:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Promethean
[2013/03/09 10:22:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TuneUpMedia

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:

  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.
  • 0

#3
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    Upon careful inspection, your log indicates that the program(s) listed below is installed on your computer. I would like to request for the removal of the program(s) as it is associated with malware, adware or spyware. Please proceed to uninstalling by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and that it prompts for it to be removed from the list instead, do so by allowing it.

    Sendori
Inform me if you encounter problems in the removal process.
  • Step 2

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

    Posted Image

  • Copy and paste the following into the Custom Scans/Fixes box:

    :OTL
    PRC - [2013/07/01 14:28:16 | 000,196,896 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe
    PRC - [2013/07/01 14:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
    PRC - [2013/07/01 14:28:16 | 000,083,232 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriTray.exe
    PRC - [2013/07/01 14:28:14 | 000,043,296 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriControl.exe
    PRC - [2013/07/01 14:28:14 | 000,022,304 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe
    SRV:64bit: - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
    SRV - [2013/07/01 14:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
    SRV - [2013/07/01 14:28:14 | 000,022,304 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
    SRV - [2013/07/01 14:28:12 | 003,623,200 | ---- | M] (Sendori) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{5DECF223-E9AF-465E-A466-43BB64D3E853}: "URL" = http://en.wikipedia....h={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{65F306BD-33E8-4CF2-A940-45F85D0B3002}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{C53E3225-AF0B-4917-9442-34D406D547A0}: "URL" = http://search.yahoo....psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{EE09A265-34BB-4CBB-814C-4B3253BEF4CF}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{65F306BD-33E8-4CF2-A940-45F85D0B3002}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{C53E3225-AF0B-4917-9442-34D406D547A0}: "URL" = http://search.yahoo....psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{EE09A265-34BB-4CBB-814C-4B3253BEF4CF}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/...015&form=ZGAIDF
    IE - HKCU\..\SearchScopes\{65F306BD-33E8-4CF2-A940-45F85D0B3002}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SKPT_enUS405
    IE - HKCU\..\SearchScopes\{C53E3225-AF0B-4917-9442-34D406D547A0}: "URL" = http://search.yahoo....psg&type=HPNTDF
    IE - HKCU\..\SearchScopes\{EE09A265-34BB-4CBB-814C-4B3253BEF4CF}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
    
    :Files
    C:\Program Files (x86)\Sendori
    C:\Program Files\McAfee Security Scan
    
    :Commands
    [emptytemp]
    
  • Click Run Fix.
  • OTL will reboot your system. Allow it by clicking OK.
  • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'AdwCleaner by Xplode' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Click Scan and choose Clean after.
  • Wait for it to finish. It won't take long.
  • Click OK for the next prompts. Your system will automatically reboot.
  • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner[S*].txt.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.

  • Ensure all programs and windows are closed before proceeding.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 5

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Ensure that the following settings are followed. Make sure all other windows are closed and let it run uninterrupted.

    Posted Image

  • Click Run Scan.
  • After a short while, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these at your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):
  • MMDDYYYY_HHMMSS.log (OTL)
  • Extras.txt (OTL)
  • OTL.txt (OTL)
  • AdwCleaner[S*].txt (AdwCleaner)
  • JRT.txt (Junkware Removal Tool)

  • 0

#4
Richk138

Richk138

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
Hello Pyxis and thank you for helping me out. I wanted to give you an update on the keylogger installed on this computer. It will disable the network card when certain characters are typed into the keyboard regardless of the program running at that time. I can type in the string of characters "eset" from the desktop with no running program and it will disable the card. Same goes for other strings of text that are antimalware related. Here are my posts.

01212014_082922

eset5All processes killed
========== OTL ==========
No active process named SendoriUp.exe was found!
No active process named SendoriSvc.exe was found!
No active process named SendoriTray.exe was found!
No active process named SendoriControl.exe was found!
No active process named Sendori.Service.exe was found!
Service McComponentHostService stopped successfully!
Service McComponentHostService deleted successfully!
C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe moved successfully.
Error: No service named Application Sendori was found to stop!
Service\Driver key Application Sendori not found.
File C:\Program Files (x86)\Sendori\SendoriSvc.exe not found.
Error: No service named Service Sendori was found to stop!
Service\Driver key Service Sendori not found.
File C:\Program Files (x86)\Sendori\Sendori.Service.exe not found.
Error: No service named sndappv2 was found to stop!
Service\Driver key sndappv2 not found.
File C:\Program Files (x86)\Sendori\sndappv2.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5DECF223-E9AF-465E-A466-43BB64D3E853}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5DECF223-E9AF-465E-A466-43BB64D3E853}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{65F306BD-33E8-4CF2-A940-45F85D0B3002}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65F306BD-33E8-4CF2-A940-45F85D0B3002}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C53E3225-AF0B-4917-9442-34D406D547A0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C53E3225-AF0B-4917-9442-34D406D547A0}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE09A265-34BB-4CBB-814C-4B3253BEF4CF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE09A265-34BB-4CBB-814C-4B3253BEF4CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{65F306BD-33E8-4CF2-A940-45F85D0B3002}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65F306BD-33E8-4CF2-A940-45F85D0B3002}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C53E3225-AF0B-4917-9442-34D406D547A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C53E3225-AF0B-4917-9442-34D406D547A0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE09A265-34BB-4CBB-814C-4B3253BEF4CF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE09A265-34BB-4CBB-814C-4B3253BEF4CF}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{65F306BD-33E8-4CF2-A940-45F85D0B3002}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65F306BD-33E8-4CF2-A940-45F85D0B3002}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C53E3225-AF0B-4917-9442-34D406D547A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C53E3225-AF0B-4917-9442-34D406D547A0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE09A265-34BB-4CBB-814C-4B3253BEF4CF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE09A265-34BB-4CBB-814C-4B3253BEF4CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin\ deleted successfully.
C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ deleted successfully.
C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{59c6f12b-f004-43e5-9997-08f2123119b6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59c6f12b-f004-43e5-9997-08f2123119b6}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sendori Tray not found.
File C:\Program Files (x86)\Sendori\SendoriTray.exe not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Sendori not found.
C:\Program Files\McAfee Security Scan\3.8.130\sacoredata folder moved successfully.
C:\Program Files\McAfee Security Scan\3.8.130 folder moved successfully.
C:\Program Files\McAfee Security Scan folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Daniel
->Temp folder emptied: 10724723 bytes
->Temporary Internet Files folder emptied: 564808463 bytes
->Java cache emptied: 14996935 bytes
->Google Chrome cache emptied: 89809112 bytes
->Apple Safari cache emptied: 13662208 bytes
->Flash cache emptied: 3259482 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92120179 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42316513 bytes
RecycleBin emptied: 81949364 bytes

Total Files Cleaned = 871.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01212014_082922

Files\Folders moved on Reboot...
C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry entries deleted on Reboot...

*******************************************************************************************************************
OTL.Txt

OTL logfile created on: 1/21/2014 08:48:10 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 70.12% Memory free
5.49 Gb Paging File | 4.48 Gb Available in Paging File | 81.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.46 Gb Total Space | 185.82 Gb Free Space | 66.02% Space Free | Partition Type: NTFS
Drive D: | 16.33 Gb Total Space | 2.35 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
Drive E: | 39.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 99.34 Mb Total Space | 89.17 Mb Free Space | 89.76% Space Free | Partition Type: FAT32

Computer Name: dcouchen | User Name: dcouchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/16 16:22:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 11:59:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/19 20:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Stopped] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/10/02 20:46:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/04 15:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/06 09:43:32 | 000,120,152 | ---- | M] (WeFi) [On_Demand | Stopped] -- C:\Program Files (x86)\WeFi\WefiEngSvc.exe -- (WefiEngSvc)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 19:36:18 | 000,136,352 | ---- | M] (Kaspersky Lab) [Disabled | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe -- (klnagent)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/02/22 11:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/17 12:07:42 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/17 11:10:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/07 14:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 08:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/22 20:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/22 20:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2934103209-312051979-2481787893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2934103209-312051979-2481787893-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2934103209-312051979-2481787893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2934103209-312051979-2481787893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Daniel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\31.0.1650.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/01/16 12:32:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-21-2934103209-312051979-2481787893-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2934103209-312051979-2481787893-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2934103209-312051979-2481787893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 152.41.212.15 152.41.212.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{073752D1-36ED-421F-B5A8-D107DD595AF1}: DhcpNameServer = 152.41.212.15 152.41.212.16
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/21 08:40:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\newscan
[2014/01/21 08:38:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\New folder
[2014/01/21 08:29:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/17 14:19:27 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
[2014/01/17 14:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/01/17 14:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/01/17 14:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/01/17 14:18:53 | 029,465,768 | ---- | C] (SUPERAntiSpyware) -- C:\Users\Daniel\Desktop\SUPERAntiSpyware.exe
[2014/01/17 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\ProcessMonitor
[2014/01/17 11:17:36 | 000,661,184 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Daniel\Desktop\autoruns.exe
[2014/01/17 11:12:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/01/17 10:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2014/01/17 10:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2014/01/17 10:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2014/01/17 09:22:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/01/17 09:22:01 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/01/17 09:22:00 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/01/17 09:22:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/01/17 09:21:59 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/01/17 09:21:59 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/01/17 09:21:59 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/01/17 09:21:59 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/01/17 09:21:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/01/17 09:21:58 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/01/17 09:21:58 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/01/17 09:21:58 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/01/17 09:21:57 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/01/17 09:21:55 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/01/17 09:21:55 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/01/17 09:21:52 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/01/16 16:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2014/01/16 16:23:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Anti-Malware
[2014/01/16 16:22:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2014/01/16 16:15:55 | 224,608,616 | ---- | C] (Emsisoft GmbH ) -- C:\Users\Daniel\Desktop\EmsisoftAntiMalwareSetup.exe
[2014/01/16 15:42:26 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/01/16 15:42:25 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/01/16 15:42:25 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/01/16 15:42:23 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/01/16 15:39:07 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014/01/16 15:35:09 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/01/16 15:35:09 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/01/16 15:34:59 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/01/16 15:34:59 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/01/16 15:34:59 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/01/16 15:34:59 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/01/16 15:34:59 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/01/16 15:34:59 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/01/16 15:34:59 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/01/16 15:34:59 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/01/16 15:34:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/01/16 15:34:59 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/01/16 15:34:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/01/16 15:34:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/01/16 15:34:59 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/01/16 15:34:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/01/16 15:34:59 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/01/16 15:34:59 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/01/16 15:34:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/01/16 15:34:58 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/01/16 15:34:58 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/01/16 15:34:58 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/01/16 15:34:58 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/01/16 15:34:58 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/01/16 15:34:58 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/01/16 15:34:58 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/01/16 15:34:58 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/01/16 15:34:58 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/01/16 15:34:58 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/01/16 15:34:58 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/01/16 15:34:58 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/01/16 15:34:58 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/01/16 15:34:58 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/01/16 15:34:58 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/01/16 15:34:58 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/01/16 15:34:58 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/01/16 15:34:58 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/01/16 15:34:58 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/01/16 15:34:58 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/01/16 15:34:58 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/01/16 15:34:58 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/01/16 15:34:58 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/01/16 15:34:58 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/01/16 15:34:58 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/01/16 15:34:58 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/01/16 15:34:58 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/01/16 15:34:58 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/01/16 15:34:58 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/01/16 15:34:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/01/16 15:34:58 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/01/16 15:34:58 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/01/16 15:34:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/01/16 15:34:58 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/01/16 15:34:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/01/16 15:34:58 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/01/16 15:34:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/01/16 15:34:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/01/16 15:34:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/01/16 15:34:58 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/01/16 15:34:58 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/01/16 15:34:58 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/01/16 15:34:58 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/01/16 15:34:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/01/16 15:34:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/01/16 12:36:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/16 12:19:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/16 12:19:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/16 12:19:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/16 12:19:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/16 12:18:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/16 11:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/16 11:32:04 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/16 11:20:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/16 11:09:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/16 10:54:21 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/01/16 10:54:20 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/01/16 10:54:20 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/01/16 10:54:19 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/01/16 10:54:19 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/01/16 10:54:19 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/01/16 10:54:18 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/01/16 10:54:17 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/01/16 10:54:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/01/16 10:54:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/01/16 10:54:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/01/16 10:54:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/01/16 10:54:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/01/16 10:42:38 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2014/01/16 10:42:38 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2014/01/16 10:42:36 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2014/01/16 10:42:35 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/01/16 10:42:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/01/16 10:42:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2014/01/16 10:42:23 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/01/16 10:42:11 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2014/01/16 10:42:11 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2014/01/16 10:42:08 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/01/16 10:42:07 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/01/16 10:42:07 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2014/01/16 10:42:07 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2014/01/16 10:42:07 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2014/01/16 10:42:00 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2014/01/16 10:42:00 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2014/01/16 10:42:00 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2014/01/16 10:42:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2014/01/16 10:42:00 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2014/01/16 10:42:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2014/01/16 10:42:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2014/01/16 10:42:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2014/01/16 10:41:50 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/01/16 10:41:49 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/01/16 10:41:49 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2014/01/16 10:41:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2014/01/16 10:41:49 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2014/01/16 10:41:49 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2014/01/16 10:41:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2014/01/16 10:41:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2014/01/16 10:41:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2014/01/16 10:41:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2014/01/16 10:41:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2014/01/16 10:41:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2014/01/16 10:41:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2014/01/16 10:41:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2014/01/16 10:41:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2014/01/16 10:41:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2014/01/16 10:41:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2014/01/16 10:41:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2014/01/16 10:41:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2014/01/16 10:41:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2014/01/16 10:41:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2014/01/16 10:41:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2014/01/16 10:41:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2014/01/16 10:41:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2014/01/16 10:41:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2014/01/16 10:41:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2014/01/16 10:41:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2014/01/16 10:41:44 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/16 10:41:44 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/16 10:41:36 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/01/16 10:41:36 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/01/16 10:41:36 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/01/16 10:41:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/01/16 10:41:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/01/16 10:41:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2014/01/16 10:41:27 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2014/01/16 10:40:53 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2014/01/16 10:40:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2014/01/16 10:40:30 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2014/01/16 10:40:28 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/16 10:40:14 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/01/16 10:40:11 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/01/16 10:40:11 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/01/16 10:40:08 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2014/01/16 10:40:08 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2014/01/16 10:40:08 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2014/01/16 10:40:08 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2014/01/16 10:40:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2014/01/16 10:40:07 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2014/01/16 10:39:27 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2014/01/16 10:39:09 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2014/01/16 10:39:09 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2014/01/16 10:39:09 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2014/01/16 10:39:09 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2014/01/16 10:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/01/16 10:34:54 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Daniel\Desktop\JRT.exe
[2014/01/16 10:34:53 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\TFC.exe
[2014/01/13 16:45:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2014/01/13 16:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/13 16:38:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/13 16:38:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/13 16:38:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Programs
[2014/01/13 16:38:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/01/13 15:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/13 15:49:42 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/13 15:47:37 | 000,389,120 | ---- | C] (Marvell) -- C:\Windows\SysNative\drivers\yk62x64.sys.bak
[2014/01/13 15:47:37 | 000,016,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wmilib.sys.bak
[2014/01/13 15:47:35 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys.bak
[2014/01/13 15:47:35 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys.bak
[2014/01/13 15:47:33 | 001,485,312 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS.bak
[2014/01/13 15:47:32 | 000,740,864 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS.bak
[2014/01/13 15:47:32 | 000,292,864 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS.bak
[2014/01/13 15:47:31 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\videoprt.sys.bak
[2014/01/13 15:47:29 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys.bak
[2014/01/13 15:47:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbrpm.sys.bak
[2014/01/13 15:47:28 | 000,038,456 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys.bak
[2014/01/13 15:47:28 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys.bak
[2014/01/13 15:47:27 | 000,054,784 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys.bak
[2014/01/13 15:47:27 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys.bak
[2014/01/13 15:47:27 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys.bak
[2014/01/13 15:47:25 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys.bak
[2014/01/13 15:47:24 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys.bak
[2014/01/13 15:47:23 | 000,318,000 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys.bak
[2014/01/13 15:47:23 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tape.sys.bak
[2014/01/13 15:47:22 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys.bak
[2014/01/13 15:47:22 | 000,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys.bak
[2014/01/13 15:47:22 | 000,024,656 | ---- | C] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys.bak
[2014/01/13 15:47:21 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spsys.sys.bak
[2014/01/13 15:47:20 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\smclib.sys.bak
[2014/01/13 15:47:18 | 000,171,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scsiport.sys.bak
[2014/01/13 15:47:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys.bak
[2014/01/13 15:47:17 | 000,245,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys.bak
[2014/01/13 15:47:16 | 000,347,680 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2014/01/13 15:47:15 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys.bak
[2014/01/13 15:47:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys.bak
[2014/01/13 15:47:15 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rootmdm.sys.bak
[2014/01/13 15:47:11 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys.bak
[2014/01/13 15:47:10 | 000,048,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pciidex.sys.bak
[2014/01/13 15:47:04 | 005,434,368 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\netw5v64.sys.bak
[2014/01/13 15:47:04 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys.bak
[2014/01/13 15:46:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mcd.sys.bak
[2014/01/13 15:46:56 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/13 15:46:53 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\irda.sys.bak
[2014/01/13 15:46:49 | 006,108,416 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys.bak
[2014/01/13 15:46:48 | 000,078,720 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys.bak
[2014/01/13 15:46:48 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys.bak
[2014/01/13 15:46:47 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys.bak
[2014/01/13 15:46:46 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS.bak
[2014/01/13 15:46:46 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys.bak
[2014/01/13 15:46:46 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/13 15:46:45 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys.bak
[2014/01/13 15:46:42 | 003,286,016 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys.bak
[2014/01/13 15:46:42 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys.bak
[2014/01/13 15:46:41 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxg.sys.bak
[2014/01/13 15:46:41 | 000,055,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys.bak
[2014/01/13 15:46:41 | 000,028,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Dumpata.sys.bak
[2014/01/13 15:46:41 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxapi.sys.bak
[2014/01/13 15:46:40 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys.bak
[2014/01/13 15:46:40 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys.bak
[2014/01/13 15:46:39 | 000,039,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys.bak
[2014/01/13 15:46:38 | 000,179,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys.bak
[2014/01/13 15:46:37 | 000,468,480 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys.bak
[2014/01/13 15:46:35 | 000,028,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys.bak
[2014/01/13 15:46:33 | 000,270,848 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys.bak
[2014/01/13 15:46:32 | 006,403,072 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atipmdag.sys.bak
[2014/01/13 15:46:32 | 000,016,440 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\AtiPcie.sys.bak
[2014/01/13 15:46:30 | 006,403,072 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys.bak
[2014/01/13 15:46:30 | 000,188,928 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys.bak
[2014/01/13 15:46:29 | 002,736,640 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys.bak
[2014/01/13 15:46:29 | 000,155,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys.bak
[2014/01/13 15:46:29 | 000,125,456 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys.bak
[2014/01/13 15:46:28 | 000,028,728 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys.bak
[2014/01/13 15:46:27 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014/01/13 15:46:27 | 000,070,200 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys.bak
[2014/01/13 15:46:24 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394bus.sys.bak
[2014/01/02 01:46:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\CyberLink

========== Files - Modified Within 30 Days ==========

[2014/01/21 08:47:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/21 08:46:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/21 08:46:30 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/21 08:41:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/21 08:41:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/17 16:41:48 | 011,164,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/17 16:41:48 | 003,817,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/17 16:41:48 | 000,004,982 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/17 14:19:22 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/01/17 14:19:01 | 029,465,768 | ---- | M] (SUPERAntiSpyware) -- C:\Users\Daniel\Desktop\SUPERAntiSpyware.exe
[2014/01/17 11:17:36 | 000,661,184 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Daniel\Desktop\autoruns.exe
[2014/01/17 10:33:52 | 002,365,840 | ---- | M] () -- C:\Users\Daniel\Desktop\SecurityTaskManager_Setup.exe
[2014/01/16 16:22:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2014/01/16 16:18:48 | 224,608,616 | ---- | M] (Emsisoft GmbH ) -- C:\Users\Daniel\Desktop\EmsisoftAntiMalwareSetup.exe
[2014/01/16 16:13:54 | 000,000,280 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1A5622E0-1010-48A6-A1B9-AE136BA19528}.job
[2014/01/16 15:51:23 | 000,427,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/16 15:35:09 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/01/16 15:35:09 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/01/16 15:34:59 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/01/16 15:34:59 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/01/16 15:34:59 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/01/16 15:34:59 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/01/16 15:34:59 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/01/16 15:34:59 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/01/16 15:34:59 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/01/16 15:34:59 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/01/16 15:34:59 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/01/16 15:34:59 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/01/16 15:34:59 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/01/16 15:34:59 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/01/16 15:34:59 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/01/16 15:34:59 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/01/16 15:34:59 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/01/16 15:34:59 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/01/16 15:34:59 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/01/16 15:34:59 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/16 15:34:58 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/01/16 15:34:58 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/01/16 15:34:58 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/01/16 15:34:58 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/01/16 15:34:58 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/01/16 15:34:58 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/01/16 15:34:58 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/01/16 15:34:58 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/01/16 15:34:58 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/01/16 15:34:58 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/01/16 15:34:58 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/01/16 15:34:58 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/01/16 15:34:58 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/01/16 15:34:58 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/01/16 15:34:58 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/01/16 15:34:58 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/01/16 15:34:58 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/01/16 15:34:58 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/01/16 15:34:58 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/01/16 15:34:58 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/01/16 15:34:58 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/01/16 15:34:58 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/01/16 15:34:58 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/01/16 15:34:58 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/01/16 15:34:58 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/01/16 15:34:58 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/01/16 15:34:58 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/01/16 15:34:58 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/01/16 15:34:58 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/01/16 15:34:58 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/01/16 15:34:58 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/01/16 15:34:58 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/01/16 15:34:58 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/01/16 15:34:58 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/01/16 15:34:58 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/01/16 15:34:58 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/01/16 15:34:58 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/01/16 15:34:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/01/16 15:34:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/01/16 15:34:58 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/01/16 15:34:58 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/01/16 15:34:58 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/01/16 15:34:58 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/16 15:34:58 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/01/16 15:34:58 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/01/16 15:34:58 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/01/16 12:32:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/16 11:32:04 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/16 11:30:58 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/16 11:00:32 | 000,005,004 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/01/15 15:32:18 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\TFC.exe
[2014/01/15 15:26:56 | 001,236,282 | ---- | M] () -- C:\Users\Daniel\Desktop\AdwCleaner.exe
[2014/01/15 15:26:32 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Daniel\Desktop\JRT.exe
[2014/01/13 16:39:05 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/13 15:47:38 | 000,389,120 | ---- | M] (Marvell) -- C:\Windows\SysNative\drivers\yk62x64.sys.bak
[2014/01/13 15:47:37 | 000,016,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wmilib.sys.bak
[2014/01/13 15:47:36 | 000,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys.bak
[2014/01/13 15:47:35 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys.bak
[2014/01/13 15:47:33 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS.bak
[2014/01/13 15:47:33 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS.bak
[2014/01/13 15:47:32 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS.bak
[2014/01/13 15:47:31 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\videoprt.sys.bak
[2014/01/13 15:47:29 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys.bak
[2014/01/13 15:47:29 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbrpm.sys.bak
[2014/01/13 15:47:28 | 000,038,456 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys.bak
[2014/01/13 15:47:28 | 000,007,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys.bak
[2014/01/13 15:47:27 | 000,054,784 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys.bak
[2014/01/13 15:47:27 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys.bak
[2014/01/13 15:47:27 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys.bak
[2014/01/13 15:47:26 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys.bak
[2014/01/13 15:47:24 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys.bak
[2014/01/13 15:47:23 | 000,318,000 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys.bak
[2014/01/13 15:47:23 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tape.sys.bak
[2014/01/13 15:47:22 | 000,189,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys.bak
[2014/01/13 15:47:22 | 000,068,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys.bak
[2014/01/13 15:47:22 | 000,024,656 | ---- | M] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys.bak
[2014/01/13 15:47:21 | 000,426,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spsys.sys.bak
[2014/01/13 15:47:20 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\smclib.sys.bak
[2014/01/13 15:47:18 | 000,171,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scsiport.sys.bak
[2014/01/13 15:47:18 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys.bak
[2014/01/13 15:47:17 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys.bak
[2014/01/13 15:47:16 | 000,347,680 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2014/01/13 15:47:16 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rootmdm.sys.bak
[2014/01/13 15:47:15 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys.bak
[2014/01/13 15:47:15 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys.bak
[2014/01/13 15:47:11 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys.bak
[2014/01/13 15:47:10 | 000,048,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pciidex.sys.bak
[2014/01/13 15:47:04 | 005,434,368 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\netw5v64.sys.bak
[2014/01/13 15:47:04 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys.bak
[2014/01/13 15:46:57 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mcd.sys.bak
[2014/01/13 15:46:56 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/13 15:46:53 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\irda.sys.bak
[2014/01/13 15:46:50 | 006,108,416 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys.bak
[2014/01/13 15:46:48 | 000,078,720 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys.bak
[2014/01/13 15:46:48 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys.bak
[2014/01/13 15:46:48 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys.bak
[2014/01/13 15:46:46 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS.bak
[2014/01/13 15:46:46 | 000,033,240 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys.bak
[2014/01/13 15:46:46 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/13 15:46:45 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys.bak
[2014/01/13 15:46:43 | 003,286,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys.bak
[2014/01/13 15:46:42 | 000,265,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys.bak
[2014/01/13 15:46:41 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxg.sys.bak
[2014/01/13 15:46:41 | 000,055,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys.bak
[2014/01/13 15:46:41 | 000,028,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Dumpata.sys.bak
[2014/01/13 15:46:41 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxapi.sys.bak
[2014/01/13 15:46:40 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys.bak
[2014/01/13 15:46:40 | 000,027,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys.bak
[2014/01/13 15:46:39 | 000,039,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys.bak
[2014/01/13 15:46:38 | 000,179,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys.bak
[2014/01/13 15:46:37 | 000,468,480 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys.bak
[2014/01/13 15:46:35 | 000,270,848 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys.bak
[2014/01/13 15:46:35 | 000,028,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys.bak
[2014/01/13 15:46:33 | 006,403,072 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atipmdag.sys.bak
[2014/01/13 15:46:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys.bak
[2014/01/13 15:46:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\AtiPcie.sys.bak
[2014/01/13 15:46:30 | 006,403,072 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys.bak
[2014/01/13 15:46:29 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys.bak
[2014/01/13 15:46:29 | 000,155,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys.bak
[2014/01/13 15:46:29 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys.bak
[2014/01/13 15:46:28 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014/01/13 15:46:28 | 000,028,728 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys.bak
[2014/01/13 15:46:27 | 000,070,200 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys.bak
[2014/01/13 15:46:24 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394bus.sys.bak
[2013/12/24 04:48:43 | 000,002,331 | ---- | M] () -- C:\Users\Daniel\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2014/01/17 14:19:22 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/01/17 10:33:52 | 002,365,840 | ---- | C] () -- C:\Users\Daniel\Desktop\SecurityTaskManager_Setup.exe
[2014/01/16 16:13:54 | 000,000,280 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{1A5622E0-1010-48A6-A1B9-AE136BA19528}.job
[2014/01/16 15:34:59 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/16 15:34:58 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/16 12:19:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/16 12:19:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/16 12:19:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/16 12:19:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/16 12:19:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/16 11:00:32 | 000,005,004 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/01/16 10:34:53 | 001,236,282 | ---- | C] () -- C:\Users\Daniel\Desktop\AdwCleaner.exe
[2014/01/13 16:39:05 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/03/03 11:32:58 | 000,001,854 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\GhostObjGAFix.xml
[2010/11/23 18:51:13 | 000,004,608 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/03/17 09:04:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ACTIV Software
[2011/12/02 01:32:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Azureus
[2012/10/14 18:57:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoft
[2011/01/08 14:58:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\funkitron
[2010/11/23 18:07:34 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\MusicNet
[2010/12/16 00:21:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ooVoo Details
[2011/03/18 19:33:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Promethean
[2013/03/09 10:22:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TuneUpMedia

========== Purity Check ==========



< End of report >

**********************************************************************************************************************

Extras.Txt

OTL Extras logfile created on: 1/21/2014 08:48:11 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 70.12% Memory free
5.49 Gb Paging File | 4.48 Gb Available in Paging File | 81.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.46 Gb Total Space | 185.82 Gb Free Space | 66.02% Space Free | Partition Type: NTFS
Drive D: | 16.33 Gb Total Space | 2.35 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
Drive E: | 39.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 99.34 Mb Total Space | 89.17 Mb Free Space | 89.76% Space Free | Partition Type: FAT32

Computer Name: dcouchen | User Name: dcouchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{D4AACCF2-44BA-4ECE-81A3-0F4509DD25D3}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{EAE42FCF-A4F8-4154-A9D4-AA946730FEDA}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager
"{F15D3F83-06DD-40AE-B7FC-AF720B154589}" = ActivDriver x64 v5.7
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai
"{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish
"{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
"{3115C75C-E386-4E53-B470-2BA22F8342E1}" = DU Waterfowl Scenes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese
"{32C747FB-2576-4503-B75D-DEE95161C60E}" = ActivInspire Core Resources (ENU) v1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48A6E89E-D2D3-4DA7-8A7C-FBB8F1083409}" = SeaWorld Adventure Park Tycoon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New
"{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}" = HP Documentation
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786A9F7E-CFEC-451F-B3C4-22EB11550FD8}" = Kaspersky Lab Network Agent
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch
"{7F57E0DE-D0F7-47CC-A4AB-D21EB8E4BE48}" = ActivInspire v1
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard
"{CDEACF5E-2BC9-4095-840A-B85F1655D8E6}" = ActivInspire Help (USA) v1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light
"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English
"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All
"{DB078F4F-FC74-4A07-9E07-A6623A18A667}" = ActivInspire HWR Resources (ENU) v1
"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian
"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Free Studio_is1" = Free Studio version 5.0.8
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{786A9F7E-CFEC-451F-B3C4-22EB11550FD8}" = Kaspersky Lab Network Agent
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"oovootoolbar" = ooVoo Toolbar
"Security Task Manager" = Security Task Manager 1.8g
"TuneUpMedia" = TuneUp Companion 2.2.7
"Uninstall_is1" = Uninstall 1.0.0.1
"WeFi" = WeFi 4.0.0.16
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2934103209-312051979-2481787893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 12/27/2010 09:58:16 | Computer Name = Daniel-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121027085806.xml
File not created by asset agent

Error - 3/3/2011 12:32:55 | Computer Name = dcouchen | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031103113252.xml
File not created by asset agent

Error - 5/23/2011 23:59:57 | Computer Name = dcouchen | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051123115954.xml
File not created by asset agent

Error - 5/24/2011 00:12:08 | Computer Name = dcouchen | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051124121204.xml
File not created by asset agent

Error - 6/6/2011 21:54:29 | Computer Name = dcouchen | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061106095425.xml
File not created by asset agent

Error - 8/22/2011 23:14:46 | Computer Name = dcouchen | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081122111441.xml
File not created by asset agent

Error - 8/30/2011 22:32:14 | Computer Name = dcouchen | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081130103206.xml
File not created by asset agent

Error - 8/31/2011 20:08:20 | Computer Name = dcouchen | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HP.ActiveSupportLibrary

at HP.ActiveSupportLibrary.Issues.HPSFSession.?()

[ HP Wireless Assistant Events ]
Error - 3/25/2013 23:51:22 | Computer Name = dcouchen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Out of memory at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at
System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/25/2013 23:51:22 | Computer Name = dcouchen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Out of memory at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at
System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/25/2013 23:51:22 | Computer Name = dcouchen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Out of memory at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at
System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/25/2013 23:51:22 | Computer Name = dcouchen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Out of memory at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at
System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/25/2013 23:51:22 | Computer Name = dcouchen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Out of memory at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at
System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/25/2013 23:51:26 | Computer Name = dcouchen | Source = HP WA Service | ID = 0
Description = System.OutOfMemoryException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios)
at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 4/17/2013 00:35:20 | Computer Name = dcouchen | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 6/1/2013 10:31:42 | Computer Name = dcouchen | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 6/1/2013 10:31:49 | Computer Name = dcouchen | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 12/30/2013 02:13:48 | Computer Name = dcouchen | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ Kaspersky Event Log Events ]
Error - 11/26/2013 02:28:51 | Computer Name = dcouchen | Source = klnagent | ID = 1
Description = #1181 (-2147221164) Error 1181/0x80040154 ('System error 0x80040154
(Class not registered)') opening firewall manager.

Error - 11/26/2013 02:28:51 | Computer Name = dcouchen | Source = klnagent | ID = 1
Description = #1181 (-2147221164) Error 1181/0x80040154 ('System error 0x80040154
(Class not registered)') opening firewall manager.

Error - 12/16/2013 03:44:48 | Computer Name = dcouchen | Source = klnagent | ID = 1
Description = #1181 (-2147221164) Error 1181/0x80040154 ('System error 0x80040154
(Class not registered)') opening firewall manager.

Error - 12/16/2013 03:44:48 | Computer Name = dcouchen | Source = klnagent | ID = 1
Description = #1181 (-2147221164) Error 1181/0x80040154 ('System error 0x80040154
(Class not registered)') opening firewall manager.

Error - 12/19/2013 02:07:28 | Computer Name = dcouchen | Source = klnagent | ID = 1
Description = #1181 (-2147221164) Error 1181/0x80040154 ('System error 0x80040154
(Class not registered)') opening firewall manager.

Error - 12/19/2013 02:07:28 | Computer Name = dcouchen | Source = klnagent | ID = 1
Description = #1181 (-2147221164) Error 1181/0x80040154 ('System error 0x80040154
(Class not registered)') opening firewall manager.

Error - 12/19/2013 02:09:44 | Computer Name = dcouchen | Source = klnagent | ID = 1
Description = #1181 (-2147221164) Error 1181/0x80040154 ('System error 0x80040154
(Class not registered)') opening firewall manager.

Error - 12/19/2013 02:09:44 | Computer Name = dcouchen | Source = klnagent | ID = 1
Description = #1181 (-2147221164) Error 1181/0x80040154 ('System error 0x80040154
(Class not registered)') opening firewall manager.

Error - 12/24/2013 05:38:46 | Computer Name = dcouchen | Source = klnagent | ID = 1
Description = #1181 (-2147221164) Error 1181/0x80040154 ('System error 0x80040154
(Class not registered)') opening firewall manager.

Error - 12/24/2013 05:38:46 | Computer Name = dcouchen | Source = klnagent | ID = 1
Description = #1181 (-2147221164) Error 1181/0x80040154 ('System error 0x80040154
(Class not registered)') opening firewall manager.

[ SendoriLogs Events ]
Error - 12/30/2013 11:01:52 | Computer Name = dcouchen | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 1/10/2014 01:35:19 | Computer Name = dcouchen | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 1/13/2014 17:35:14 | Computer Name = dcouchen | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 1/13/2014 17:40:13 | Computer Name = dcouchen | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 1/13/2014 17:45:14 | Computer Name = dcouchen | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 1/13/2014 17:50:13 | Computer Name = dcouchen | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 1/13/2014 17:55:14 | Computer Name = dcouchen | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 1/16/2014 11:12:46 | Computer Name = dcouchen | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 1/16/2014 11:17:45 | Computer Name = dcouchen | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 1/16/2014 11:22:45 | Computer Name = dcouchen | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

[ System Events ]
Error - 1/21/2014 09:46:43 | Computer Name = dcouchen | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
Data: Error Value: 2147549183.


< End of report >

***************************************************************************************************************

JRT.Txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by dcouchen on Tue 01/21/2014 at 8:37:16.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/21/2014 at 8:44:13.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*******************************************************************************************************

AdwCleaner.Txt

# AdwCleaner v3.017 - Report created 21/01/2014 at 08:45:49
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : dcouchen - dcouchen
# Running from : C:\Users\Daniel\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Daniel\AppData\Local\PackageAware

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v

[ File : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14714 octets] - [16/01/2014 11:20:09]
AdwCleaner[R1].txt - [932 octets] - [21/01/2014 08:45:03]
AdwCleaner[S0].txt - [13657 octets] - [16/01/2014 11:21:13]
AdwCleaner[S1].txt - [858 octets] - [21/01/2014 08:45:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [917 octets] ##########



___________________________________________________________________________________________________________________
  • 0

#5
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

I wanted to give you an update on the keylogger installed on this computer. It will disable the network card when certain characters are typed into the keyboard regardless of the program running at that time. I can type in the string of characters "eset" from the desktop with no running program and it will disable the card. Same goes for other strings of text that are antimalware related. Here are my posts.

I think it was Sendori doing that, which we have already removed. Could you test your computer a bit and see if the issue still persists while I get my next fix approved? :)
  • 0

#6
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
I noticed you have run ComboFix before. While it is indeed a great tool, it comes with a price with unsupervised use. It is able to render your machine unbootable. I ask that you do not run it again without the recommendation of an expert. Since you ran it, it produced a log. Do you think you can look at C:\Qoobox and post any logs you may find there here?

  • Step 1

    Upon careful inspection, your log indicates that the program(s) listed below is installed on your computer. I would like to request for the removal of the program(s) as it is associated with malware, adware or spyware. Please proceed to uninstalling by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and that it prompts for it to be removed from the list instead, do so by allowing it.

    McAfee Security Scan Plus
    ooVoo Toolbar
Inform me if you encounter problems in the removal process.
  • Step 2

    You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.

    Java Runtime Environment -- Update
Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.
  • Step 3

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

    Posted Image

  • Copy and paste the following into the Custom Scans/Fixes box:

    :OTL
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2014/01/16 10:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    
    :Commands
    [resethosts]
    
  • Click Run Fix.
  • After, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.

    • Double-click mbam-setup-*.exe and proceed to installing the program.
    • Accept the License Agreement.
    • At the end, ensure a check mark is both placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
    • In case you don't get a chance to do so, you may also find the log in the program's Logs tab.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 5

    Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.

  • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
  • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

    Posted Image

  • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
  • Upon completion, use Notepad to open and save C:\Program Files\ESET\EsetOnlineScanner\log.txt to your desktop.
  • Select Uninstall application on close and click Finish.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):
  • MMDDYYYY_HHMMSS.log (OTL)
  • log.txt (ESET Online Scan)
  • mbam-log-*.txt (Malwarebytes' Anti-Malware)

  • 0

#7
Richk138

Richk138

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
Pyxis,

Sorry but I have already wiped the hard drive and started over. I appreciate your willingness to help me and thank you for your time. I was sort of in a time crunch so I had to do what I did. Good luck on your training. I am in training also and am a freshman. I'll see you in the trenches. Thanks again.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP