Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91518 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Audio ads constantly starting! [Closed]


  • This topic is locked This topic is locked
8 replies to this topic

#1 Getoutandstayout

Getoutandstayout

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 15 November 2013 - 07:23 PM

As of yesterday I've started getting these audio ads from a right sidebar peddling all kinds of things. It offers to sidetrack them - just sign up for a small fee! I can't watch anything video/audio on my laptop, because this other video is constantly cutting in.

 

I ran a Malwarebytes Antimalware scan - no effect. If it couldn't help, I knew I was in trouble. So I'm here.

 

I've run a Hijackthis log, which is below.

 

Thanks!!

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:18:31 PM, on 11/15/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)

FIREFOX: 25.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Users\Owner\AppData\Local\DM\TinyDM.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
G:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Tiny download manager] "C:\Users\Owner\AppData\Local\DM\TinyDM.exe" /M
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdpeakProxy - Adpeak, Inc. - C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11755 bytes
 


    Advertisements

Register to Remove


#2 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 15 November 2013 - 11:41 PM

Hi and Welcome!! Getoutandstayout :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


Vista and Windows 7 users:

These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

=========================

Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.
=============================== Next =======================================


Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
On your next reply please post :
  • OTL.txt
  • Extras.txt
  • aswMBR log

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation Posted Image

#3 Getoutandstayout

Getoutandstayout

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 16 November 2013 - 01:42 PM

Attached are the three logs. Thanks!

 

---

 

OTL logfile created on: 11/16/2013 1:42:28 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 60.55% Memory free
7.60 Gb Paging File | 5.85 Gb Available in Paging File | 77.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 720.25 Gb Total Space | 610.39 Gb Free Space | 84.75% Space Free | Partition Type: NTFS
Drive D: | 191.16 Gb Total Space | 187.00 Gb Free Space | 97.82% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Users\Owner\AppData\Local\DM\TinyDM.exe (http://www.tinydm.com/)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\f9124f49805c3b8dd1cff18621cb8dc6\System.WorkflowServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d5b949ce49c52b48c6012d4100e9f272\System.ServiceModel.Routing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0991480e062731a80dfb4da63488f901\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\499106911ed2b69e2d659e7bdb800ef6\System.ServiceModel.Channels.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0d621aadc7266eb56c60b58db0c47635\System.ServiceModel.Activities.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\226bf686752309b3a23a816fa9ee3c09\System.IdentityModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fcda1de189b146359ef01bc4a6ded4a\System.ServiceModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\154e8c42d6af569306d8ad2f5e757c2d\System.ServiceModel.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9c1d0ae97ff2771c17212cd15d8c9831\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b5faab90a38802d89ccf6f9ac4bff440\System.Runtime.Serialization.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (Riverbed Technology, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (Riverbed Technology, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...123485&tsp=5033
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7SMSN_enUS527
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9075D215-9DF4-48AC-B52A-CD672241F19D}: "URL" = http://www.search.as...archTerms}&psv=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Owner\AppData\Local\Roblox\Versions\version-22d46fdc522044b7\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/11/13 22:07:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/15 22:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\Owner\AppData\Local\GreatArcadeHits\gahff.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/15 22:03:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/03/18 21:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/11/15 22:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fjf16t7h.default\extensions
[2013/11/15 22:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/11/15 22:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 22:03:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/13 22:07:57 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
 
O1 HOSTS File: ([2013/11/14 21:45:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Standby] C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Tiny download manager] C:\Users\Owner\AppData\Local\DM\TinyDM.exe (http://www.tinydm.com/)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{632C2F7A-FBE2-4133-8DDD-B9A36B62CC25}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C21A971D-8227-4C89-B722-BA7D6141C5EE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/15 22:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/14 21:46:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/11/14 21:18:15 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysNative\AdpeakProxy64.dll
[2013/11/14 21:18:09 | 000,338,944 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysWow64\AdpeakProxy.dll
[2013/11/13 22:08:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\RealNetworks
[2013/11/13 22:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/11/13 22:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/11/13 22:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/11/13 22:07:30 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2013/11/13 22:07:17 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll
[2013/11/13 22:07:17 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll
[2013/11/13 22:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/11/13 22:07:16 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2013/11/13 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2013/11/13 21:18:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\COWON
[2013/11/13 21:15:30 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/13 21:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/11/13 21:09:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Seths stuff
[2013/11/13 08:15:47 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/11/13 08:15:36 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013/11/13 08:15:36 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/11/13 08:15:36 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2013/11/13 08:15:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2013/11/13 08:15:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2013/11/13 08:15:34 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/11/13 08:15:33 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/11/13 08:15:33 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/11/13 08:15:33 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/11/13 08:15:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/11/13 07:57:55 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEUDINIT.EXE
[2013/11/13 07:55:42 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/13 07:55:42 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/11/13 07:55:38 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/13 07:55:38 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/11/13 07:55:38 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/11/13 07:55:38 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/11/13 07:55:38 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/11/13 07:55:38 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/11/13 07:55:38 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/11/13 07:55:38 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/11/13 07:55:38 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/13 07:55:38 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/11/13 07:55:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/11/13 07:55:38 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/11/13 07:55:38 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/11/13 07:55:38 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/11/13 07:55:38 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/11/13 07:55:38 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/11/13 07:55:38 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/11/13 07:55:38 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/11/13 07:55:38 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/11/13 07:55:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/11/13 07:55:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/11/13 07:55:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/11/13 07:55:38 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/11/13 07:55:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/11/13 07:55:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/13 07:55:38 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/11/13 07:55:38 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/11/13 07:55:38 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/11/13 07:55:38 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/11/13 07:55:38 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/11/13 07:55:38 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/11/13 07:55:38 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/11/13 07:55:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/11/13 07:55:38 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/13 07:55:38 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/11/13 07:55:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/11/13 07:55:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/11/13 07:55:37 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/13 07:55:37 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/13 07:55:37 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/11/13 07:55:37 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/11/13 07:55:37 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/11/13 07:55:37 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/11/13 07:55:37 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/11/13 07:55:37 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/11/13 07:55:37 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/13 07:55:37 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/11/13 07:55:37 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/11/13 07:55:37 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/11/13 07:55:37 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/11/13 07:55:37 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/11/13 07:55:37 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/13 07:55:37 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/11/13 07:55:37 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/11/13 07:55:37 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/11/13 07:55:37 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/11/13 07:55:37 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/13 07:55:37 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/11/13 07:55:37 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/11/13 07:55:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/11/13 07:55:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/11/13 07:55:37 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/11/13 07:55:37 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/11/13 07:55:37 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/11/13 07:55:37 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/11/13 07:55:37 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/11/13 07:55:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/11/13 07:55:37 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/13 07:55:37 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/11/13 07:55:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/11/13 07:55:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/11/13 07:55:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/11/13 07:55:37 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/13 07:55:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/13 07:55:37 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/11/13 07:55:37 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/11/13 07:55:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/11/13 07:55:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/11/13 07:54:07 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/11/13 07:54:07 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/11/13 07:54:07 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/11/13 07:54:07 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/11/13 07:54:07 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
[2013/11/13 07:54:07 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdh.dll
[2013/11/13 07:54:07 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdh.dll
[2013/11/13 07:54:07 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/11/13 07:54:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/11/13 07:54:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/11/13 07:54:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/11/13 07:54:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/11/13 07:54:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/11/13 07:53:09 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/11/13 07:53:09 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/10/23 19:42:56 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/10/23 19:42:52 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/10/23 19:42:52 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/10/23 19:42:52 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/23 19:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/19 20:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2013/10/19 20:42:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Adobe Flash Builder 4.6
[2013/10/19 20:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2013/10/19 20:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/10/19 18:33:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/16 13:42:04 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2013/11/16 13:38:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/11/16 13:36:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/16 13:36:46 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/11/16 08:59:25 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 08:59:25 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/15 22:29:39 | 4081,627,136 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/15 20:20:57 | 000,780,908 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/15 20:20:57 | 000,661,568 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/15 20:20:57 | 000,121,962 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/14 21:45:50 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/11/13 22:08:03 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/11/13 22:07:30 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2013/11/13 22:07:17 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll
[2013/11/13 22:07:17 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll
[2013/11/13 22:07:16 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2013/11/13 21:04:36 | 000,000,081 | ---- | M] () -- C:\Users\Owner\Documents\My Music.7z
[2013/11/13 18:25:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/13 07:55:42 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/13 07:55:42 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/11/13 07:55:38 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/13 07:55:38 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/11/13 07:55:38 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/11/13 07:55:38 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/11/13 07:55:38 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/11/13 07:55:38 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/11/13 07:55:38 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/11/13 07:55:38 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/11/13 07:55:38 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/13 07:55:38 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/11/13 07:55:38 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/11/13 07:55:38 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/11/13 07:55:38 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/11/13 07:55:38 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/11/13 07:55:38 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/11/13 07:55:38 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/11/13 07:55:38 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/11/13 07:55:38 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/11/13 07:55:38 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/11/13 07:55:38 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/11/13 07:55:38 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/11/13 07:55:38 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/11/13 07:55:38 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/11/13 07:55:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/11/13 07:55:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/13 07:55:38 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/11/13 07:55:38 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/11/13 07:55:38 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/11/13 07:55:38 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/11/13 07:55:38 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/11/13 07:55:38 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/11/13 07:55:38 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/11/13 07:55:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/11/13 07:55:38 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/13 07:55:38 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/11/13 07:55:38 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/11/13 07:55:38 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/13 07:55:38 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/11/13 07:55:37 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/13 07:55:37 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/13 07:55:37 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/11/13 07:55:37 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/11/13 07:55:37 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/11/13 07:55:37 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/11/13 07:55:37 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/11/13 07:55:37 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/11/13 07:55:37 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/13 07:55:37 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/11/13 07:55:37 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/11/13 07:55:37 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/11/13 07:55:37 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/11/13 07:55:37 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/11/13 07:55:37 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/13 07:55:37 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/11/13 07:55:37 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/11/13 07:55:37 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/11/13 07:55:37 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/11/13 07:55:37 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/13 07:55:37 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/11/13 07:55:37 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/11/13 07:55:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/11/13 07:55:37 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/11/13 07:55:37 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/11/13 07:55:37 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/11/13 07:55:37 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/11/13 07:55:37 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/11/13 07:55:37 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/11/13 07:55:37 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/11/13 07:55:37 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/13 07:55:37 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/11/13 07:55:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/11/13 07:55:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/11/13 07:55:37 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/11/13 07:55:37 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/13 07:55:37 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/13 07:55:37 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/11/13 07:55:37 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/13 07:55:37 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/11/13 07:55:37 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/11/13 07:55:37 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/11/13 07:54:07 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/11/13 07:54:07 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/11/13 07:54:07 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/11/13 07:54:07 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/11/13 07:54:07 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
[2013/11/13 07:54:07 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdh.dll
[2013/11/13 07:54:07 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdh.dll
[2013/11/13 07:54:07 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/11/13 07:54:07 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/11/13 07:54:07 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/11/13 07:54:07 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/11/13 07:54:07 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/11/13 07:54:07 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/11/13 07:53:09 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/11/13 07:53:09 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/11/12 20:06:59 | 556,209,825 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/10/28 07:56:09 | 004,949,176 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/13 22:08:03 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/11/13 21:04:36 | 000,000,081 | ---- | C] () -- C:\Users\Owner\Documents\My Music.7z
[2013/11/13 07:55:38 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/13 07:55:37 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/10/26 15:17:36 | 003,544,173 | ---- | C] () -- C:\Users\Owner\Desktop\SDC11800.JPG
[2013/06/08 19:05:35 | 000,775,124 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/05/25 21:31:22 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/05/25 21:31:22 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/05/25 21:31:22 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/05/25 21:31:22 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/05/25 21:31:22 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/03/28 20:22:23 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/23 18:02:57 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/11/01 08:13:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2013/11/13 21:24:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\COWON
[2013/11/13 20:21:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iFunbox_UserCache
[2013/09/29 17:35:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PACE Anti-Piracy
[2013/10/14 14:35:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/09/05 19:43:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TrueCrypt
[2013/03/22 00:29:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ulead Systems
[2013/04/02 18:43:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\erdnt\cache86\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ATA ST1000LM024 HN-M SCSI Disk Device
Partitions: 4
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 20.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 21472739328
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 720.00GB
Starting Offset: 21577596928
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #3
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 191.00GB
Starting Offset: 794940145664
Hidden sectors: 0
 

< End of report >

---

 

OTL Extras logfile created on: 5/31/2013 11:36:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 56.17% Memory free
7.60 Gb Paging File | 5.80 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 720.25 Gb Total Space | 677.26 Gb Free Space | 94.03% Space Free | Partition Type: NTFS
Drive D: | 191.16 Gb Total Space | 190.53 Gb Free Space | 99.67% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{587272CD-34E8-4950-A5E4-FFF04CA986E2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B2A5DE9-BEDF-4F6C-AF0E-05E7C49EC306}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{93041B72-F317-4C18-99B8-98A04718F186}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0DA126A2-7978-4521-934B-BE62D333C95F}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"TCP Query User{1A3B1702-1B7B-4A5F-AAF0-D70D40FE2C1D}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{56008E56-AAD6-43B9-9105-976B8679E3D3}C:\program files\hp\hp photosmart 6510 series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\hpnetworkcommunicator.exe |
"UDP Query User{313974A2-BFEC-48C2-8124-B3F0FF67B44D}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"UDP Query User{58D3436C-FAB7-4B0C-A174-B9FE990A0135}C:\program files\hp\hp photosmart 6510 series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\hpnetworkcommunicator.exe |
"UDP Query User{6BF2BA2E-BFED-4C20-92E5-AB8F7848CAE9}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel® PROSet/Wireless WiFi Software
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B53F9744-F0FB-44A6-9739-335CDAB4488A}" = HP Photosmart 6510 series Basic Device Software
"{BF8D7372-5200-4EC7-9FB0-5398D108F81C}" = Intel® Wireless Display
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{749BDD29-D756-4B9B-8022-3E666A24C13F}" = Samsung Support Center
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F8428B4D-E324-4F5C-9CC7-E88B53CD765E}" = ContentHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ExtractNow" = ExtractNow
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.6
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/31/2013 10:24:03 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -583.
 
Error - 5/31/2013 10:24:03 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -583.
 
Error - 5/31/2013 10:24:03 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -583.
 
Error - 5/31/2013 10:24:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -583.
 
Error - 5/31/2013 10:24:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -583.
 
Error - 5/31/2013 10:24:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -583.
 
Error - 5/31/2013 10:24:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -583.
 
Error - 5/31/2013 10:24:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -583.
 
Error - 5/31/2013 10:24:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -583.
 
Error - 5/31/2013 10:24:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -583.
 
[ System Events ]
Error - 5/21/2013 9:43:11 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147217025.
 
Error - 5/21/2013 9:43:11 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 5/21/2013 9:43:43 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147217025.
 
Error - 5/21/2013 9:43:43 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 2 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 5/21/2013 9:44:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147217025.
 
Error - 5/21/2013 9:44:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly.  It has done this
 3 time(s).
 
Error - 5/21/2013 9:44:34 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147217025.
 
Error - 5/21/2013 9:44:34 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly.  It has done this
 4 time(s).
 
Error - 5/21/2013 9:44:43 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147217025.
 
Error - 5/21/2013 9:44:43 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly.  It has done this
 5 time(s).
 
 
< End of report >

---

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-02 00:37:13
-----------------------------
00:37:13.274    OS Version: Windows x64 6.1.7600
00:37:13.284    Number of processors: 4 586 0x2502
00:37:13.284    ComputerName: OWNER-PC  UserName: Owner
00:37:14.955    Initialize success
00:38:38.043    AVAST engine defs: 13060101
00:41:02.822    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:41:02.827    Disk 0 Vendor: ST1000LM 2AR1 Size: 953869MB BusType: 3
00:41:03.022    Disk 0 MBR read successfully
00:41:03.026    Disk 0 MBR scan
00:41:03.032    Disk 0 unknown MBR code
00:41:03.040    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        20477 MB offset 2048
00:41:03.054    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 41938944
00:41:03.068    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       737536 MB offset 42143744
00:41:03.075    Disk 0 Partition - 00     0F Extended LBA            195752 MB offset 1552617472
00:41:03.105    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       195751 MB offset 1552619520
00:41:03.241    Disk 0 scanning C:\windows\system32\drivers
00:41:10.956    Service scanning
00:41:33.314    Modules scanning
00:41:33.329    Disk 0 trace - called modules:
00:41:33.363    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:41:33.372    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800443a430]
00:41:33.380    3 CLASSPNP.SYS[fffff880018ba43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004355050]
00:41:34.656    AVAST engine scan C:\windows
00:41:38.494    AVAST engine scan C:\windows\system32
00:43:28.737    AVAST engine scan C:\windows\system32\drivers
00:43:37.499    AVAST engine scan C:\Users\Owner
00:50:09.154    AVAST engine scan C:\ProgramData
00:51:15.683    Scan finished successfully
01:04:19.738    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
01:04:19.738    The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-16 14:03:27
-----------------------------
14:03:27.413    OS Version: Windows x64 6.1.7601 Service Pack 1
14:03:27.413    Number of processors: 4 586 0x2502
14:03:27.414    ComputerName: OWNER-PC  UserName: Owner
14:03:28.985    Initialize success
14:05:22.865    AVAST engine defs: 13111600
14:05:40.494    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
14:05:40.499    Disk 0 Vendor: ATA_____ 0002 Size: 953869MB BusType: 11
14:05:40.619    Disk 0 MBR read successfully
14:05:40.623    Disk 0 MBR scan
14:05:40.631    Disk 0 unknown MBR code
14:05:40.648    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        20477 MB offset 2048
14:05:40.662    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 41938944
14:05:40.675    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       737536 MB offset 42143744
14:05:40.684    Disk 0 Partition - 00     0F Extended LBA            195752 MB offset 1552617472
14:05:40.713    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       195751 MB offset 1552619520
14:05:40.749    Disk 0 scanning C:\windows\system32\drivers
14:05:51.183    Service scanning
14:06:15.837    Modules scanning
14:06:15.854    Disk 0 trace - called modules:
14:06:15.874    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
14:06:15.884    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004621060]
14:06:15.894    3 CLASSPNP.SYS[fffff8800103b43f] -> nt!IofCallDriver -> [0xfffffa80044e38d0]
14:06:15.903    5 iaStorF.sys[fffff88001a13a2c] -> nt!IofCallDriver -> \Device\0000006b[0xfffffa800436b060]
14:06:17.400    AVAST engine scan C:\windows
14:06:21.426    AVAST engine scan C:\windows\system32
14:10:18.977    AVAST engine scan C:\windows\system32\drivers
14:10:32.034    AVAST engine scan C:\Users\Owner
14:30:15.413    AVAST engine scan C:\ProgramData
14:38:55.774    Scan finished successfully
14:41:05.218    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
14:41:05.249    The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

 



#4 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 17 November 2013 - 03:02 AM

Hi :)

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Next

81mYIKe.jpgAdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Next

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next
  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
    RGKRScan.png
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
    RGKRDelete.png
  • Next click on the ShortcutsFix
    RGKRShortcutsFix.png
  • another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.

On your next reply please post :
  • checkup.txt
  • AdwCleaner[R0].txt
  • JRT.txt
  • All RKreport.txt

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation Posted Image

#5 Getoutandstayout

Getoutandstayout

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 17 November 2013 - 12:00 PM

Here are the documents.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Sun 11/17/2013 at 12:39:07.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2950786308-227742302-1544317472-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9075D215-9DF4-48AC-B52A-CD672241F19D}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\bitguard"
Successfully deleted: [Folder] "C:\ProgramData\dsearchlink"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\delta"



~~~ FireFox

Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\fjf16t7h.default\user.js
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\fjf16t7h.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\fjf16t7h.default\bprotector_prefs.js
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\fjf16t7h.default\prefs.js

user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "46931a6f000000000000001e64614fd1");
user_pref("extensions.delta.instlDay", "15990");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.24.6");
user_pref("extensions.delta.vrsnTs", "1.8.24.69:25:49");
user_pref("extensions.delta.vrsni", "1.8.24.6");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=123485&tsp=5033");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("searchreset.backup.browser.newtab.url", "hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=4693001E64614FD1&affID=123485&tsp=5033");
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\fjf16t7h.default\minidumps [105 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/17/2013 at 12:45:07.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

@@@@@@@@@@@@@@@@

 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.152  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````
 

@@@@@@@@@@@@@@

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 11/17/2013 12:53:56
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] TinyDM.exe -- C:\Users\Owner\AppData\Local\DM\TinyDM.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Tiny download manager ("C:\Users\Owner\AppData\Local\DM\TinyDM.exe" /M [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2950786308-227742302-1544317472-1000\[...]\Run : Tiny download manager ("C:\Users\Owner\AppData\Local\DM\TinyDM.exe" /M [-]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA ST1000LM024 HN-M SCSI Disk Device +++++
--- User ---
[MBR] 7eff1432a622af626863c5e67f7a81aa
[BSP] 93cdc7717401d64c498ed9f671384465 : KIWI Image system MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20477 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 41938944 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 42143744 | Size: 737536 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1552617472 | Size: 195752 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11172013_125356.txt >>

@@@@@@@@@@@@@

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/17/2013 12:56:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] TinyDM.exe -- C:\Users\Owner\AppData\Local\DM\TinyDM.exe [-] -> KILLED [TermProc]

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 12 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 0 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection :  ¤¤¤

Finished : << RKreport[0]_SC_11172013_125620.txt >>
RKreport[0]_D_11172013_125516.txt;RKreport[0]_S_11172013_125356.txt





 



#6 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 19 November 2013 - 02:01 PM

Hi ;)

 

You miss AdwCleaner log

Please  post it in your next reply


- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation Posted Image

#7 Getoutandstayout

Getoutandstayout

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 20 November 2013 - 03:51 PM

I'm sorry for the delay - I'm having power issues with my laptop. The inside port is loose and I'm unable to get power to the laptop. I may have to get back with you once this is resolved (i.e. I can get it repaired).



#8 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 21 November 2013 - 05:16 AM

Ok I`ll wait you
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation Posted Image

#9 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 30 November 2013 - 11:59 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation Posted Image

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users