Still need help with rvzr-a.akamaihd.net pop-ups [Solved]


  • This topic is locked
16 replies to this topic

#1 sirscrambles

sirscrambles

    New Member

  • Authentic Member
  • 9 posts

Posted 04 January 2014 - 01:25 AM

Hi, I went on a 2-week vacation shortly before making my previous post and it got locked, so I am reposting it here.

 

Hi. Some friends used my PC and I started getting pop-ups to rvzr-a.akamaihd.net so I did a system scan with MalwareBytes. A bunch of viruses showed up, but this one appears to be sticking around after multiple clean-ups. I've also been getting this error window. Can anyone help?

 

Here is my HijackThis logfile:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:47:41 AM, on 12/15/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
 
Running processes:
C:\Windows\SysWOW64\Rundll32.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Matt\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe
C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Matt\Desktop\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\BAC_PAC.js
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\c07ef82f-3e39-4561-b15b-cb195789f408.exe /check
O4 - HKLM\..\Run: [BrowserAppCoreService] C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe "C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe" "restart"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [F.lux] "C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SearchProtection] "C:\Users\Matt\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
O4 - HKCU\..\Run: [ConduitFloatingPlugin_oiffmnkajgkhjjchngmajlomfdhfjdma] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\Temp\CT3287810\plugins\TBVerifier.dll",RunConduitFloatingPlugin oiffmnkajgkhjjchngmajlomfdhfjdma
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windowslive\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\WindowsLive\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL56 - Unknown owner - C:/Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Realtek11nCU - Realtek - C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 14614 bytes

 




#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 January 2014 - 09:10 PM

Hi sirscrambles,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system, losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================
OTL

Download OTL to your desktop.
  • Make sure all other windows are closed, and let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan, paste this in:

    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    services.*
    /md5stop
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    dir "%systemdrive%\*" /S /A:L /C
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt
  • Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#3 sirscrambles

sirscrambles

    New Member

  • Authentic Member
  • 9 posts

Posted 05 January 2014 - 01:59 AM

Hi OCD, thanks for the reply. Here are the results of my scans.
 
checkup.txt
 
 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox 21.0 Firefox out of Date!  
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````  
 
aswMBR.txt (note: it didn't ask to download Avast's virus definitions, but I use Avast so that may be why)
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-04 22:44:00
-----------------------------
22:44:00.770    OS Version: Windows x64 6.1.7601 Service Pack 1
22:44:00.770    Number of processors: 4 586 0x3A09
22:44:00.770    ComputerName: LACOMPUTADORA  UserName: Matt
22:44:02.122    Initialize success
22:44:02.209    AVAST engine defs: 14010300
22:44:14.254    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:44:14.257    Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
22:44:14.347    Disk 0 MBR read successfully
22:44:14.350    Disk 0 MBR scan
22:44:14.353    Disk 0 Windows 7 default MBR code
22:44:14.364    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:44:14.369    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
22:44:14.383    Disk 0 scanning C:\Windows\system32\drivers
22:44:23.293    Service scanning
22:44:38.155    Modules scanning
22:44:38.163    Disk 0 trace - called modules:
22:44:38.190    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
22:44:38.195    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077ad060]
22:44:38.530    3 CLASSPNP.SYS[fffff8800187443f] -> nt!IofCallDriver -> [0xfffffa80071a5580]
22:44:38.536    5 ACPI.sys[fffff88000f3b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80074ee060]
22:44:42.163    AVAST engine scan C:\Windows
22:44:43.928    AVAST engine scan C:\Windows\system32
22:46:57.536    AVAST engine scan C:\Windows\system32\drivers
22:47:09.030    AVAST engine scan C:\Users\Matt
23:35:15.343    AVAST engine scan C:\ProgramData
23:37:39.632    Scan finished successfully
23:38:10.418    Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
23:38:10.424    The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"
 
 
MBR.zip is attached as requested.
 
OTL.txt
 
OTL logfile created on: 1/4/2014 11:40:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.97 Gb Total Physical Memory | 3.80 Gb Available Physical Memory | 47.68% Memory free
15.93 Gb Paging File | 11.11 Gb Available in Paging File | 69.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 507.21 Gb Free Space | 54.46% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 340.48 Gb Free Space | 18.28% Space Free | Partition Type: NTFS
 
Computer Name: LACOMPUTADORA | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Matt\Desktop\aswMBR (1).exe (AVAST Software)
PRC - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe (Last.fm)
PRC - C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe (ShopAtHome.com)
PRC - C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe (Realtek)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVAST Software\Avast\defs\14010300\algo.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Program Files (x86)\Last.fm\listener.dll ()
MOD - C:\Program Files (x86)\Last.fm\unicorn.dll ()
MOD - C:\Program Files (x86)\Last.fm\logger.dll ()
MOD - C:\Program Files (x86)\Last.fm\lastfm.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Users\Matt\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll ()
MOD - C:\Program Files (x86)\Last.fm\phonon.dll ()
MOD - C:\Program Files (x86)\Last.fm\libvlccore.dll ()
MOD - C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\Last.fm\libvlc.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Users\Matt\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (MySQL56) -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (Realtek11nCU) -- C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe (Realtek)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BIOS) -- C:\Windows\SysNative\drivers\BIOS64.sys (BIOSTAR Group)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (rtlss) -- C:\Windows\SysNative\drivers\rtlss.sys (Realtek Semiconductor Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (BIOS) -- C:\Windows\SysWOW64\drivers\BIOS64.sys (BIOSTAR Group)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {5AD71A63-605A-4BBE-94AA-A0131319E20C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 97 B0 F1 37 3F CE 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {5AD71A63-605A-4BBE-94AA-A0131319E20C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{34101CA4-CE22-4C55-9DC5-F1A3D8E42DAB}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{51EF8EDE-C7E2-4EA7-BCFB-636A4DC76E99}: "URL" = http://websearch.ask...70-370B7A80C8F5
IE - HKCU\..\SearchScopes\{5AD71A63-605A-4BBE-94AA-A0131319E20C}: "URL" = http://search.condui...2610302051&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\BAC_PAC.js
 
========== FireFox ==========
 
FF - prefs.js..CT3287810.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "VisualBee V.11 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.11 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "VisualBee V.11 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://search.condui...745192&UM=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/22 11:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/16 15:14:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/16 15:14:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/05/02 19:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2013/12/13 16:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions
[2013/12/13 16:12:58 | 000,000,000 | ---D | M] (VisualBee V.11) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions\{7093ee04-f2e4-4637-a667-0f730797b3a0}
[2013/12/13 16:15:45 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com
[2013/06/22 09:30:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions\toolbar@ask.com
[2013/12/13 16:15:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData
[2013/12/13 16:15:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData\plugins
[2013/12/13 16:15:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData\userCode
[2013/06/22 09:30:05 | 000,002,308 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\askcom.xml
[2013/12/13 16:12:58 | 000,001,005 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\conduit.xml
[2013/09/27 09:00:49 | 000,000,915 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\yahoo.xml
[2013/08/16 15:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/16 15:14:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: Google Docs = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AutocardAnywhere = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobkhgkgoejnjaiofdmphhkemmomfabg\2.2.44_0\
CHR - Extension: AdBlock = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: avast! WebRep = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\
CHR - Extension: VisualBee = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg\1.26.113_0\crossrider
CHR - Extension: VisualBee = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg\1.26.113_0\
CHR - Extension: Google Wallet = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (VisualBee) - {11111111-1111-1111-1111-110311391106} - C:\Program Files (x86)\VisualBee\VisualBee-bho64.dll (VisualBee)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrowserAppCoreService] C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe (ShopAtHome.com)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\Matt\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_oiffmnkajgkhjjchngmajlomfdhfjdma] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\Temp\CT3287810\plugins\TBVerifier.dll",RunConduitFloatingPlugin oiffmnkajgkhjjchngmajlomfdhfjdma File not found
O4 - HKCU..\Run: [F.lux] C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SearchProtection] C:\Users\Matt\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00584BFE-D7C8-4F6A-9BE1-CC26039FFCC1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15FAAF80-846E-4EA1-87B7-ED6413C2C560}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/14 16:20:22 | 000,000,033 | -HS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{d8ac015f-1191-11e3-8bd9-0024211eaa99}\Shell - "" = AutoRun
O33 - MountPoints2\{d8ac015f-1191-11e3-8bd9-0024211eaa99}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/04 22:50:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\pictures
[2014/01/04 22:43:44 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR (1).exe
[2014/01/04 22:34:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/01/04 10:28:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Skyrim
[2014/01/04 10:28:12 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2014/01/04 10:28:12 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2014/01/04 10:28:11 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2014/01/04 10:28:11 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2014/01/04 10:28:10 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2014/01/04 10:28:10 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2014/01/04 10:28:09 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2014/01/04 10:28:09 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2014/01/04 10:28:08 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2014/01/04 10:28:08 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2014/01/04 10:28:06 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2014/01/04 10:28:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2014/01/04 10:28:06 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2014/01/04 10:28:06 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2014/01/04 10:28:05 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2014/01/04 10:28:05 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2014/01/04 10:28:04 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2014/01/04 10:28:04 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2014/01/04 10:28:02 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2014/01/04 10:28:02 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2014/01/04 10:28:02 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2014/01/04 10:28:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2014/01/04 10:28:01 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2014/01/04 10:28:01 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2014/01/04 10:28:01 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2014/01/04 10:28:01 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2014/01/04 10:28:01 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2014/01/04 10:28:00 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2014/01/04 10:28:00 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2014/01/04 10:28:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2014/01/04 10:28:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2014/01/04 10:27:59 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2014/01/04 10:27:59 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2014/01/04 10:27:59 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2014/01/04 10:27:59 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2014/01/04 10:27:57 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2014/01/04 10:27:57 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2014/01/04 10:27:57 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2014/01/04 10:27:57 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2014/01/04 10:27:57 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2014/01/04 10:27:57 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2014/01/04 10:27:56 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2014/01/04 10:27:56 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2014/01/04 10:27:55 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2014/01/04 10:27:55 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2014/01/04 10:27:54 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2014/01/04 10:27:54 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2014/01/04 10:27:54 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2014/01/04 10:27:54 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2014/01/04 10:27:54 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2014/01/04 10:27:54 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2014/01/04 10:27:53 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2014/01/04 10:27:53 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2014/01/04 10:27:52 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2014/01/04 10:27:51 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2014/01/04 10:27:51 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2014/01/04 10:27:51 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2014/01/04 10:27:51 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2014/01/04 10:27:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2014/01/04 10:27:50 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2014/01/04 10:27:50 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2014/01/04 10:27:50 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2014/01/04 10:27:49 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2014/01/04 10:27:49 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2014/01/04 10:27:49 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2014/01/04 10:27:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2014/01/04 10:27:48 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2014/01/04 10:27:48 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2014/01/04 10:27:48 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2014/01/04 10:27:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2014/01/04 10:27:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2014/01/04 10:27:47 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2014/01/04 10:27:47 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2014/01/04 10:27:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2014/01/04 10:27:46 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2014/01/04 10:27:46 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2014/01/04 10:27:46 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2014/01/04 10:27:46 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2014/01/04 10:27:44 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2014/01/04 10:27:44 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013/12/29 11:49:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\NEW MUSIC
[2013/12/29 11:49:25 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\BOOKS
[2013/12/29 10:56:46 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\OLD PC STUFF
[2013/12/15 01:46:46 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Matt\Desktop\HiJackThis.exe
[2013/12/13 16:20:57 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Windows
[2013/12/13 16:20:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
[2013/12/13 16:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisualBee
[2013/12/13 16:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/12/13 16:13:15 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\NativeMessaging
[2013/12/13 16:13:14 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Conduit
[2013/12/13 16:13:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\CRE
[2013/12/13 16:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/12/13 16:12:58 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\SearchProtect
[2013/12/13 16:12:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\emaze
[2013/12/13 15:22:18 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\12-18 SHOW RECORD_data
[2013/12/13 13:53:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\GWR forever_data
[2013/12/12 18:08:34 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Star Wars Prequel Trilogy (1999-2005)
[2013/12/12 01:26:06 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/12 01:26:06 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/12 01:26:06 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/12 01:26:04 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/12 01:25:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 01:25:14 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 01:25:14 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 01:25:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 01:25:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 01:25:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 01:25:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 01:25:13 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 01:25:13 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 01:25:13 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 01:25:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 01:25:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 01:25:12 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 01:25:11 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 01:25:11 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 01:25:08 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 22:04:12 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 22:04:11 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 22:04:01 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 22:04:01 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 22:03:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 22:03:39 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 22:03:39 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 22:03:38 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 22:03:38 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 22:03:37 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 22:03:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 22:03:37 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 22:03:37 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/04 23:38:49 | 000,000,595 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.zip
[2014/01/04 23:38:10 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
[2014/01/04 22:54:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/04 22:54:12 | 000,780,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/04 22:54:12 | 000,660,748 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/04 22:54:12 | 000,121,386 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/04 22:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/04 22:50:36 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3206978427-3775841784-1250852860-1000UA.job
[2014/01/04 22:43:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR (1).exe
[2014/01/04 22:34:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/01/04 22:32:41 | 000,987,410 | ---- | M] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2014/01/04 22:29:43 | 000,001,928 | ---- | M] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job
[2014/01/04 22:29:42 | 000,001,320 | ---- | M] () -- C:\Windows\tasks\VisualBee-updater.job
[2014/01/04 22:29:27 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/01/04 22:29:23 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/04 22:29:16 | 000,002,050 | ---- | M] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job
[2014/01/04 22:29:10 | 000,001,224 | ---- | M] () -- C:\Windows\tasks\VisualBee-codedownloader.job
[2014/01/04 22:29:10 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\VisualBee-enabler.job
[2014/01/04 22:28:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/04 22:28:52 | 2120,007,679 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/04 00:50:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3206978427-3775841784-1250852860-1000Core.job
[2014/01/03 19:09:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/01/03 07:37:05 | 000,021,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 07:37:04 | 000,021,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/15 01:46:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Matt\Desktop\HiJackThis.exe
[2013/12/14 18:45:55 | 000,152,411 | ---- | M] () -- C:\Users\Matt\Desktop\ERR.png
[2013/12/13 16:13:45 | 000,000,000 | ---- | M] () -- C:\END
[2013/12/13 15:37:05 | 000,159,642 | ---- | M] () -- C:\Users\Matt\Desktop\12-18 SHOW RECORD.aup
[2013/12/13 13:53:46 | 000,397,963 | ---- | M] () -- C:\Users\Matt\Desktop\GWR forever.aup
[2013/12/12 05:56:00 | 000,308,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/10 14:51:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 14:51:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014/01/04 23:38:49 | 000,000,595 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.zip
[2014/01/04 23:38:10 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
[2014/01/04 22:32:39 | 000,987,410 | ---- | C] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2013/12/14 18:45:55 | 000,152,411 | ---- | C] () -- C:\Users\Matt\Desktop\ERR.png
[2013/12/13 16:16:13 | 000,001,320 | ---- | C] () -- C:\Windows\tasks\VisualBee-updater.job
[2013/12/13 16:15:59 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\VisualBee-enabler.job
[2013/12/13 16:15:52 | 000,001,224 | ---- | C] () -- C:\Windows\tasks\VisualBee-codedownloader.job
[2013/12/13 16:15:25 | 000,002,050 | ---- | C] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job
[2013/12/13 16:14:59 | 000,001,928 | ---- | C] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job
[2013/12/13 16:12:31 | 000,000,000 | ---- | C] () -- C:\END
[2013/12/13 16:12:29 | 000,001,232 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/12/13 15:22:18 | 000,159,642 | ---- | C] () -- C:\Users\Matt\Desktop\12-18 SHOW RECORD.aup
[2013/12/13 13:53:46 | 000,397,963 | ---- | C] () -- C:\Users\Matt\Desktop\GWR forever.aup
[2013/11/30 15:48:44 | 000,007,104 | ---- | C] () -- C:\Users\Matt\AppData\Local\recently-used.xbel
[2013/08/03 11:02:36 | 000,000,477 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/07/31 22:28:58 | 000,773,878 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/02 11:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/27 11:55:55 | 000,281,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/05/27 11:55:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/05/07 20:35:54 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/04/22 11:43:47 | 000,000,600 | ---- | C] () -- C:\Users\Matt\AppData\Local\PUTTY.RND
[2013/03/28 18:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 18:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/03/28 17:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/03/28 17:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 00:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/17 08:33:06 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/02/17 08:33:06 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/02/17 08:24:48 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/17 07:32:04 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/01 22:12:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2013/04/26 11:31:38 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ableton
[2014/01/04 13:56:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity
[2013/05/19 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Bioshock
[2014/01/04 22:30:44 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Dropbox
[2013/08/03 13:43:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\FileZilla
[2013/07/28 13:58:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Guitar Pro 6
[2013/04/22 23:25:33 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2013/04/25 12:23:06 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\MusicBrainz
[2013/08/03 11:09:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\MySQL
[2013/04/24 11:52:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Notepad++
[2013/04/22 15:22:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OpenOffice.org
[2013/08/03 09:31:20 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Origin
[2013/04/22 20:32:40 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Rainmeter
[2013/12/01 11:34:29 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Rogue Legacy
[2013/09/27 09:00:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Search Protection
[2013/12/13 16:12:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\SearchProtect
[2014/01/04 01:40:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
[2013/08/20 20:35:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Spotify
[2013/08/09 12:20:23 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Stencyl
[2013/12/12 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
[2013/12/13 16:20:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Windows
[2013/05/29 20:15:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\yWorks
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2011/04/12 00:17:31 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2011/04/12 00:17:31 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 12:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009/06/10 12:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 19:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 19:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2011/04/12 00:17:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2011/04/12 00:17:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2011/04/12 00:17:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2011/04/12 00:17:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-A80E4F97.PF  >
[2014/01/04 23:41:00 | 000,030,056 | ---- | M] () MD5=8C1A867568326C027BB212B02FF682F1 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
 
< MD5 for: IEXPLORE.EX_  >
[1996/09/23 04:31:38 | 000,530,623 | ---- | M] () MD5=42852684C37B60C33316B0A7270455A7 -- C:\Users\Matt\Documents\My Games\Oregon Trail II\EREG\COMPSERV\WINCIM\IEXPLORE.EX_
 
< MD5 for: IEXPLORE.EXE  >
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2013/11/24 19:49:58 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/24 19:49:58 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/24 19:49:58 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_74ba04defa813a61\iexplore.exe.mui
[2013/11/24 19:49:58 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_7f0eaf312ee1fc5c\iexplore.exe.mui
[2013/04/22 23:53:28 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2013/04/22 23:53:29 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/07/06 22:42:02 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/07/06 22:42:02 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009/07/13 18:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/13 18:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/10 13:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/05/11 02:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.DLL  >
[2010/05/26 14:15:34 | 004,465,432 | ---- | M] (SmartSound Software Inc.) MD5=E053C8AE408EEA23A63DB30E3750A427 -- C:\Program Files (x86)\SmartSound Software\Quicktracks 5\Services.dll
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2011/04/12 00:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 00:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.H  >
[2013/05/21 16:13:46 | 000,000,524 | ---- | M] () MD5=5F92E9BFBD26B0EB2256D8BBF18C20C7 -- C:\Program Files\MySQL\MySQL Server 5.6\include\mysql\services.h
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 20:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 20:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 12:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 12:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2011/04/12 00:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 12:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 00:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 13:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 00:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 12:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 00:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 13:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 12:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 12:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.RDB  >
[2012/08/13 09:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 09:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files (x86)\OpenOffice.org 3\program\services.rdb
[2012/08/10 14:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
 
< MD5 for: WINLOGON.ADML  >
[2011/04/12 00:17:31 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2011/04/12 00:17:31 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 13:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009/06/10 13:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 19:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 19:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2011/04/12 00:17:16 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2011/04/12 00:17:16 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2011/04/12 00:17:17 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2011/04/12 00:17:17 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 12:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 12:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2013/12/13 16:13:45 | 000,000,000 | ---- | M] () -- C:\END
[2014/01/04 22:28:52 | 2120,007,679 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/04 22:28:53 | 4258,336,767 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\Fonts\*.com >
[2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2013/03/06 14:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/05 21:56:16 | 000,322,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is B677-643C
 Directory of C:\
07/13/2009  09:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/13/2009  09:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  09:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  09:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  09:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  09:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  09:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/13/2009  09:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  09:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/13/2009  09:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  09:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  09:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  09:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  09:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  09:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/13/2009  09:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  09:08 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009  09:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  09:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  09:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  09:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  09:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  09:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  09:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  09:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/13/2009  09:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  09:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  09:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/13/2009  09:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  09:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  09:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Matt
04/21/2013  12:21 PM    <JUNCTION>     Application Data [C:\Users\Matt\AppData\Roaming]
04/21/2013  12:21 PM    <JUNCTION>     Cookies [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies]
04/21/2013  12:21 PM    <JUNCTION>     Local Settings [C:\Users\Matt\AppData\Local]
04/21/2013  12:21 PM    <JUNCTION>     My Documents [C:\Users\Matt\Documents]
04/21/2013  12:21 PM    <JUNCTION>     NetHood [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/21/2013  12:21 PM    <JUNCTION>     PrintHood [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/21/2013  12:21 PM    <JUNCTION>     Recent [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Recent]
04/21/2013  12:21 PM    <JUNCTION>     SendTo [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\SendTo]
04/21/2013  12:21 PM    <JUNCTION>     Start Menu [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu]
04/21/2013  12:21 PM    <JUNCTION>     Templates [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Matt\AppData\Local
04/21/2013  12:21 PM    <JUNCTION>     Application Data [C:\Users\Matt\AppData\Local]
04/21/2013  12:21 PM    <JUNCTION>     History [C:\Users\Matt\AppData\Local\Microsoft\Windows\History]
04/21/2013  12:21 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Matt\Documents
04/21/2013  12:21 PM    <JUNCTION>     My Music [C:\Users\Matt\Music]
04/21/2013  12:21 PM    <JUNCTION>     My Pictures [C:\Users\Matt\Pictures]
04/21/2013  12:21 PM    <JUNCTION>     My Videos [C:\Users\Matt\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/13/2009  09:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  09:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  09:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              50 Dir(s)  540,432,142,336 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/04/23 08:20:43 | 000,000,221 | -HS- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/01/04 22:43:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR (1).exe
[2013/12/15 01:46:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Matt\Desktop\HiJackThis.exe
[2014/01/04 22:34:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/01/04 22:32:41 | 000,987,410 | ---- | M] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 17:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 21:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 17:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 19:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 19:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 17:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 17:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 17:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 14:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 21:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 20:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 19:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 19:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 19:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 22:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 17:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 17:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 17:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 17:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 19:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 17:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 17:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 17:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 17:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 17:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 09:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 03:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 22:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 17:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 17:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 19:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 19:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 19:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 17:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 17:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 19:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 19:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 19:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 19:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 19:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 19:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 17:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 21:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 19:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 19:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 19:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 19:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 19:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 19:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 19:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 19:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 19:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 17:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 14:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 19:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 19:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST31000524AS ATA Device
Partitions: 2
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: ST2000DL 001-9VT156 USB Device
Partitions: 1
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 105906176
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
< End of report >
 
Extras.txt
 
OTL Extras logfile created on: 1/4/2014 11:40:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.97 Gb Total Physical Memory | 3.80 Gb Available Physical Memory | 47.68% Memory free
15.93 Gb Paging File | 11.11 Gb Available in Paging File | 69.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 507.21 Gb Free Space | 54.46% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 340.48 Gb Free Space | 18.28% Space Free | Partition Type: NTFS
 
Computer Name: LACOMPUTADORA | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DE927DA-37AE-4DB3-A91A-1E248949F371}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{1EB2CA24-EBA8-44FD-9D04-837B0D6EEB4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1F6D75EB-FBBF-427E-9C02-836CCFD2F7BC}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{222BFFE5-8F49-4BF6-AED2-83FE4807E1E9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2890258F-D41E-4B19-9445-73B14E736E3E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2FDD6FE1-60A2-4DF9-86B8-D661CE9F7DF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{30EF64F9-6734-42C5-A11A-21732C7355E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{31882A2D-9F6A-4952-BB7B-7B436F28C4EC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{35322ADE-C676-4FBF-A350-B7A2E6E7DB9A}" = lport=3306 | protocol=6 | dir=in | name=mysql56 | 
"{3661D297-37E8-4704-9216-EABD590A15F0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{43A2F24D-102C-42CA-8859-E27FAFFF3E22}" = rport=138 | protocol=17 | dir=out | app=system | 
"{469A91CA-423A-4585-B95B-8A9F0F225589}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5CBDEC3D-F2AC-4259-B6DC-902E5F193AD6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5D946210-21CC-463B-A715-176A3AEB5232}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{6694CFE9-6A8A-431B-B639-B0847AF3CABD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6F9A51B1-69E2-4DB0-9DA8-04EB068865FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92EB1244-8364-414C-8DA8-9420E88F415D}" = lport=58518 | protocol=17 | dir=in | name=pando media booster | 
"{A487C597-B8F6-4065-B8DE-F798D21F87EC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AAABDF1F-9538-4F11-AC77-EEB238DCCDA2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BB6E5507-DEF7-46D1-BB26-1ABFAEEDD79F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BDE317A1-F3C5-4F37-BD9E-60DB8DB9F6A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C40C7D33-28CA-4DCC-8492-B89A7B51BDE7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C5BE81CB-7152-49C9-A2EC-C8672B7EC97D}" = lport=58518 | protocol=6 | dir=in | name=pando media booster | 
"{CC24A531-0C93-4046-B4CE-BD58FD39639A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D4437D90-BCCE-4F47-B65F-0461467F1350}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D87D7D7E-36EA-43BA-A9DC-9F6766DD58F2}" = lport=58518 | protocol=17 | dir=in | name=pando media booster | 
"{DDCF6EC7-41CD-4CD8-99C0-B421AF6D70B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E1DBE51C-FA26-460E-857D-E4F8E471B85D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7441B57-AC04-4EDE-8F57-F0BA9609739E}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{E8017DE3-9BEC-4AFA-81CD-04B2C06915B2}" = lport=58518 | protocol=6 | dir=in | name=pando media booster | 
"{F58A48DB-77A9-44AA-B9F9-92CA04E37A61}" = lport=3306 | protocol=6 | dir=in | name=mysql56 | 
"{F725F726-AE33-40F4-B824-71B0599B40AA}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AA57C8-342F-4E2D-BA87-8367F0B8BC72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{01B29E8E-2515-4F90-98F6-3EAA47094309}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe | 
"{01E40CC6-49D4-42D5-9DEB-BAE58BAD701D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{033435EB-E1A8-41D8-BD1A-DF4159C8A8EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | 
"{04EB1F92-13C0-4E56-B110-43984C52F50D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | 
"{0650A467-059D-4604-B27B-D5EA62CF35D7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe | 
"{07AC368B-DC9F-4190-80CD-57FEAECD5AE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{07EB781D-691A-4C51-A159-EE61C46D45C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{07ED77B0-53D6-4B95-A960-80B97601A50F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{08CD98AD-465D-4299-88A3-5151006B4A39}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{0BD8D5AC-800D-462A-8F9D-5AE083EF3481}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{0E295306-ADBB-4BC4-B3C1-D462EB07192F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{12E6FFFC-FB57-4202-A76D-211B93886E6C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{1462BDB1-AE7E-4BED-9D3E-45AD1CAAC6E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{14E97342-3B89-4B66-BF43-398C8F5B5EA7}" = protocol=17 | dir=in | app=c:\users\matt\appdata\roaming\utorrent\utorrent.exe | 
"{1523606D-2643-470E-AF66-1B6134E082DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{16464AB5-B026-41B1-BD67-FF6199614D79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe | 
"{16556761-09D2-4517-85B3-17551EB5D5C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{1795C401-5A3D-4ADD-AC2F-E8355A59C0ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{17CAC3ED-627C-4487-A1A5-D62462932B81}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{1C7EB2A5-5783-4F91-B34A-9B358E2183ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{1CAF33D4-12F3-4BE6-82E2-130AF32F2541}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1DFD96CE-7317-4E19-86E5-8B0D41ED3907}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{2296D6BE-5C73-43B1-903B-C4E935B147AF}" = protocol=6 | dir=out | app=system | 
"{2432A139-5C57-4AF5-975D-74F17B30D6CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | 
"{2547403F-1728-4ADE-8BFC-5F610FAAD7EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{27E409A2-99C9-4855-9CBF-8620EB55D7C1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2915143A-6558-4BA9-9FDF-EE91DC395CBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2014\dotp_d14.exe | 
"{29A901E3-5167-444C-BB9C-BD86E383102D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2A9D3227-7C08-4EAC-8C52-B0197AD23983}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2AAD0741-6A47-4E0A-8626-C7A95925DBE7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2F50D628-E08F-4569-95EB-35C14DFFAE60}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{31281063-5D18-4222-B2DA-5F7365CFBE87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{314433AA-B56B-410B-9782-EF1A6897E924}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{320E0F5D-E325-49C2-880F-275724594C4B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{32587F9F-DBE0-4689-98A5-E84BC9EECB69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{333589E4-C1B4-4A11-8067-51BE4A98FEC5}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4 beta\bf4.exe | 
"{367CE23C-4500-4320-9979-192678FB07B0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{37445591-0670-47D9-9FAC-01B7151DE4FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{3815F8A0-4A2B-481B-854F-71070801A254}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{385E8AC9-8978-48BF-88C0-BB5F20F59EB9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{385EED59-0C22-4FA4-8D61-336D3166F3A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{3ABADCDE-16D2-4240-8077-5B043F360FA9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe | 
"{3C4E0550-CF16-44F9-A8A4-06DE141C9434}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{3E2AA707-D6B5-49A4-898E-C03930DF51C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{3EBCD985-80D3-498E-B2BC-25B424EB6665}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe | 
"{3F10D0CF-65A7-49FD-9ECB-008A473D33B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{3FBF4FD6-FE5B-4810-8648-6E3E1AF50262}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{3FF87868-6E04-455F-AE0C-58674F4AB8C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4136FC50-60D6-4E01-B4CA-22EAFAE660AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{41414BEE-8DE2-40AF-BEFF-9B24CCD00839}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{415E1580-C572-4954-9D44-31A2E3083006}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe | 
"{4256BCF3-D715-4C52-B275-A7A071212B92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{429EB0B2-468A-4F09-9E4F-F147484FD8D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{42D2C805-A96E-45AF-879D-68AB9A4CB17E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{4353D7FC-B928-4225-8D7A-CDF378481A04}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4361F9E4-8EEA-4317-A477-3C9F03A9B891}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{44CF290D-63E7-4869-9C37-CE5F591F94D3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe | 
"{45ADA0EC-EA41-4D8D-BD3E-C23A535813BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{46782EA4-5DD9-4AFA-A1BA-8F31C88DF0DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{48EFBD03-393C-4987-BBAB-2CBC6DFCDB55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{4AA7A8AC-D4D8-414E-B520-81031F5A59B5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4B4283E1-15AE-458C-998A-8988545C9A0A}" = protocol=17 | dir=in | app=c:\program files\lightworks\ntcardvt.exe | 
"{4C92313E-F53A-4C3B-86A7-DB92222DA263}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4D94B03D-BDCE-4624-89F7-21D1C605DBC0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4EA450AE-F2F2-4AEE-A0F4-19DF7E2B81FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{4F2CF171-E21A-4BAE-9AFC-2AB405D08306}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{4FD6B307-A57F-43CE-827B-AB2018D52541}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{50446B70-BCFD-420D-BB84-8BD592902C60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{50C49267-6C29-4D9F-861A-9ED4F6BA08C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{51AFB367-848C-4F59-9286-8AD6D59C3BB6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{52AD1E5D-4737-4A38-A4F0-CF55926EEF84}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{56E80578-5AF7-4A2B-9C65-5F76B1FCA934}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{574899BF-6D8C-4935-B24D-523F6776E35F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe | 
"{5D4BAFA8-4517-4F3D-A412-20536E070B13}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{5D4F7A08-DB0D-4704-8F84-7C539E33578A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{61AFF228-E3A5-41F9-8052-CEF270315DEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{630671A5-6C91-4063-95A0-634D9B98722C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | 
"{63F907EB-393A-4AB3-994A-867CA8F442DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | 
"{67E36CEA-6417-40B3-8205-CE0D83285FAA}" = protocol=17 | dir=in | app=c:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe | 
"{67F15A34-F1C1-4007-B4F1-E07BBD89261E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{68A2C193-D28A-4E2D-B724-7F0B1088B7CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{69FBFFEF-B417-44B3-8472-EE30598BD608}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | 
"{6A5E110E-AFC0-4F74-931F-7F7C15875CF3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C1DE611-8867-4484-ACC8-D596CC756B85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{6C91FC86-977E-4DBE-B2FF-608B74932C13}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{6D600C4D-89E7-4A5E-8E17-54B28DF8CA01}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{6DB617B3-680F-4D82-8D72-DD0BCE77AD43}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe | 
"{6F0F9924-40E6-4D1D-ACE5-55719A9F227C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{706AE50E-ABC6-45C1-9FB6-DCB8DEF743CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2014\dotp_d14.exe | 
"{74B10239-4AEC-4955-A420-F556F1A488F8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{763D4F60-F751-4D77-848C-3EA96F32CB33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{77009FC4-F8B6-49B3-A8EA-AEDD62669FA7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{771564E5-F3F9-4011-B7AA-D4393D9708E6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{77717BA4-C2F5-400B-9F26-71CEBD946CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{77EA9288-B0A7-49EA-8CFF-3EBA2B0E31D7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe | 
"{785D5E38-9DF1-40A7-B72E-F79EB286B692}" = protocol=6 | dir=in | app=c:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe | 
"{79D96127-548D-4FC7-BB1C-C11AD3713491}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{7BD52597-A2A6-4BA0-B303-01421354CF6A}" = protocol=6 | dir=in | app=c:\program files (x86)\airlink101\airlink101 wlan monitor\rtwlan.exe | 
"{7CB673D8-1459-4E90-8209-941A83B1BC17}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7FD16C16-3642-4A47-8105-6A1132A20433}" = protocol=6 | dir=in | app=c:\users\matt\appdata\roaming\utorrent\utorrent.exe | 
"{818CA2BA-0F79-4456-8A23-591A627C38D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{8191D60D-74ED-42CA-BD66-4C72E59D7F9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{82F8BFD4-3488-4E45-8BF1-3AC7DFF68909}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kairo\kairo.exe | 
"{83644AC5-AFCD-4247-8100-0FA866B47E86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{847F44A1-3117-4131-817B-3BAEE364945C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{8601F15D-3077-49CB-A06B-E686598D4670}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{87711BF7-7487-4799-87F4-D8128D8AD268}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{8D427D4F-E159-40A5-B18F-58D031110991}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{8D9E60CB-8C21-431A-B76E-5D3320BD609F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe | 
"{8FF1727D-FAED-4A14-8DA7-2F56F9A00A67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{91CD58C5-E46A-49F7-BA49-5AEB105B6C75}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{921D4C47-02A5-4D2F-9323-A5C2E8F7EDD2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the ball\binaries\win32\theball.exe | 
"{92A7F277-54A2-474D-BCDF-9D9C61448049}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{92FE739B-8927-4FA8-B769-F6A847A41DFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{931CB197-748C-4AC3-AAAF-BA4B1661D296}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe | 
"{93842C3D-654E-4DBF-90EA-C17F7919E6DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{93CAA923-13F1-4F51-8EAF-474C2DF574D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{95843488-D289-47CA-A68C-DF87BE7B36D6}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{97B60673-9338-4F13-B8ED-03115D4F969E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{97BB61EE-AFC6-42E4-B8F6-9F359C1288C8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{996E39FA-3E09-4831-9F4A-2C90B92EA7DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | 
"{9B9DB794-E2CA-4F80-9BBE-B8821536B8B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{9E6E4A2C-BAAD-4D8A-AC0F-D97ACF4C89F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe | 
"{A0321AA0-A773-4E9B-B82F-3E285AC20618}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{A0383C63-8D59-4772-A411-5B05C4AE6769}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{A04B7AF7-2ED3-4220-80A0-3DC2CDDC1080}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe | 
"{A17C253D-7537-4B2F-925F-AD43FCC7FBD3}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A22F3C68-C3CB-407F-97CD-575159CA6021}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{A6450DEC-0881-410E-8C02-63362FC38A46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A67C7F2E-A448-46F3-BC7E-A98687D0FC3F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the ball\binaries\win32\theball.exe | 
"{A736D2A9-43DA-446A-BE33-59D288960237}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AB30C88A-AA66-4E3A-8DCF-44B0386831E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{AE7FCCF1-477D-46A5-AB41-998D7BE93ABA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{AFAA104D-355F-4765-80C2-0D545BD31983}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kairo\kairo.exe | 
"{B011D113-70EE-4CFB-8EA3-BC14B64A6087}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B1EDFB32-F4A5-4728-A503-A9B96D1A7E2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B21B93C0-8C66-4DB2-920F-0AF0B45FE820}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B2355620-BDE9-473D-B812-899DC91D67BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B2677740-7416-45D2-B3B1-F1DC2C12B521}" = dir=in | app=c:\program files\cyberlink\powerdirector10\pdr10.exe | 
"{B2A5D827-B6B2-453A-86FF-BAB0616E9720}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{B2FEC9F1-AF1C-4DB2-B3BA-0B75971A6048}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B30D7C0E-10D7-4A88-9F82-92B149DDD297}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kairo\kairo.exe | 
"{B4F56441-A826-4D82-8C05-99C110BC58DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{B60AE2F7-CC15-4724-B1BD-37EE28D36524}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{B6FD2EE7-1F99-42C7-B0DB-017F7E21F4B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{B7801B89-B330-4060-A64C-54052175ACBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{B7E9F12F-6DA9-48CB-8D25-1C83C929D965}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{B7F08398-33E1-4A75-A10D-740ED7D5C841}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{BD7915C1-4C00-4F5C-909D-704407C9975E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{C08A37A2-5AF9-4982-BA19-6D8559851960}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{C2E12584-A106-4FC0-91B8-3D0B7C68DCAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{C3387A59-FE3D-4BA6-B521-D6AA4C7F26C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{C500BB03-3AED-44D4-96C8-1AC8F4AD0F79}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C6D62E21-1B3E-4673-99FC-1BE41A70C9AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{C8488498-F9A9-4432-B29F-3058A880AB92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C93DB7E1-288C-495C-A6D4-DEB3A271292E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{CC4559D0-5A5A-42DA-8353-453F63B60465}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{CDEB7F57-8779-4321-BDED-85E8B010B452}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{CE44F49B-64CB-462C-9D24-D34E1FDF29C3}" = protocol=6 | dir=in | app=c:\program files\lightworks\ntcardvt.exe | 
"{CED1F8B1-62A0-43D6-A8B4-1E7ACC01910E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{CFAA7F02-C37F-46A9-BA11-E2E7F905BD1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{CFD50F9E-F990-4B6E-8ACE-3F5BBA65D693}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{D0583B74-D145-47C9-9B2E-7FB0CDCE6166}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{D158E1A3-9CB6-47C2-B2A2-6B605A40C9BD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D23BC65C-4E2E-41D0-A82D-648595DC246D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe | 
"{D4AE7E2A-D4A7-4007-BDDF-72CC1CDEF6FB}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4 beta\bf4.exe | 
"{D642F3D0-2741-4D82-856D-DC6F780DB0F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{D747B0E8-F038-4D81-8EEC-CF913CE9AB0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | 
"{DA0F3C9B-CAD3-49AA-9B75-CA4EB25DCDD4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DA14E7AB-C97A-46E0-ACD3-173E7979D609}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{DA2B2E06-9A46-43CC-B576-EAE6440209D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{DA861DE0-3DF1-45FB-AF10-FD22F1A167F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{DAC45C5D-4E73-4A66-9494-841C10040FBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kairo\kairo.exe | 
"{DCF7A36A-9D6E-4AE1-9E67-95FB4CCC5159}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCFC7A33-EB98-4B8F-ACC5-1AE60CF64B0D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{DD0EBAE6-E889-4229-B4F2-C3D7D4496D48}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{DDFB1789-EBCA-47C2-A2AD-3BC66834B447}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{DF691C33-E3CE-40C2-997C-C786E4BC24B5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E0E8B006-AE9B-43D9-996D-CD1363024758}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{E10CFEF1-09A9-43C1-8330-F3752C35E6D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{E1347B22-DFA7-42BF-9A1A-1487D7FD4AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{E22AC790-F614-40B8-93AB-1D8990CD2A48}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{E2671856-3F7F-44CA-97A0-99D852384BDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | 
"{E42DE4C0-F767-41A8-80F8-6213396E09BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{E6AC72A9-F769-41AB-B67A-30C840A13772}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{E8DF6C50-7AD3-48BF-8850-305A45291DA5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{E9B49E17-45AB-42AA-8B02-66C62632030A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{EAC32D6E-5042-4F40-9E92-2C4B440801B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{EC060050-C101-4C55-BB3C-D813DA43C74B}" = protocol=17 | dir=in | app=c:\program files (x86)\airlink101\airlink101 wlan monitor\rtwlan.exe | 
"{ECCFDCE3-C3D5-4E64-B859-F4B678FFC1EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{ED3DBE51-6376-4568-BC98-438206B12A8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{ED89C697-8ED2-40E0-8EA7-F5BF85429937}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{F4DDFEA1-F436-4DAC-9CF8-57FBBA5E46B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F555B14F-C616-4F6F-A305-60A94E4EBD91}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F5FDAF2A-84D6-436A-A07F-DCCB72540B9C}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{F7086F45-F48D-495A-990E-919D5FE653A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe | 
"{F7535FF6-A5D3-42DF-B097-387D3C4FF92F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{F7626192-E52A-4E3F-B31D-24ED21DC8401}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe | 
"{F80D5940-0A06-44EF-A006-4061DD87F69D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{F8119580-688C-4987-9D1C-BD1F3E6BE82F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe | 
"{F832F5B4-43D5-4BDA-A061-7DE700101169}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{F9BFD053-4F35-43AF-8695-DCD9AC76CC00}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{FA726C4D-CC04-482A-8C22-7F920980ABAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{FC057141-B575-4AA2-9C21-E16E5B1B2468}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | 
"{FD23A723-30CD-421F-B144-F1BC5FE9A841}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FE9231A1-3428-4BFE-8AB6-1F8CA4A134F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{FEAB8E8A-6AA2-4292-84E0-34CFFBE47626}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{FFAF001D-B340-44D5-A681-61FABAED8B60}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"TCP Query User{0B5063CD-EA95-4567-A9D6-D541FE54D616}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{4B2B6B27-5A89-4A09-AF22-34BA56BED3A3}C:\users\matt\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\matt\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{62825B85-1363-490D-A089-CE94D0459F53}C:\program files (x86)\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | 
"TCP Query User{81541B81-2EB3-442D-AEA9-504DF3DDCEC8}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | 
"TCP Query User{8AECE293-9FE4-4F51-9A0B-BD9370F225E6}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{9548518B-0610-4A6E-A0C1-AB17C44E58AA}C:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{BECFD5E4-271D-460A-95C1-4463021A3E52}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe | 
"TCP Query User{C532EB44-43D4-477F-B8D1-35D30D6C9E5E}C:\program files (x86)\steam\steamapps\sczombie\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\sczombie\team fortress 2\hl2.exe | 
"TCP Query User{D6E8534A-685C-48E2-BAD6-5871F542501D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{22F5F71C-C234-4681-A61F-BE6607FAD274}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | 
"UDP Query User{6D9DF040-F805-4FF1-BB16-EC3FBA469BBD}C:\users\matt\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\matt\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{71E4F51C-71FD-4C8B-8D79-2B9103F52462}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{90DCB496-84A8-48CE-BB24-635061819531}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{9DCDAFD3-CD82-44A1-928E-56B43FD4B1A8}C:\program files (x86)\steam\steamapps\sczombie\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\sczombie\team fortress 2\hl2.exe | 
"UDP Query User{BF37D96A-9DE5-46D9-811B-824EF2F0FA22}C:\program files (x86)\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | 
"UDP Query User{D2039330-804E-4E1F-9947-B689AA70BB72}C:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{DAE31AC9-5615-4676-BC03-4CD5976168C0}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe | 
"UDP Query User{ED490E95-853A-443F-8CE2-4ABD4A266ACB}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0874D757-6DE9-31B9-BA0B-2299F3A144C0}" = Microsoft Windows SDK .NET Framework Tools (40715)
"{0A5ECFE1-0CDE-4D35-9B25-EEA3CEF5FF7F}" = MySQL Connector/ODBC 5.2 64bit (commercial edition)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{22D02951-5B4C-36FD-801E-ACB3595760B4}" = Microsoft Windows SDK for Windows 7 Samples (40715)
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{3607CBFF-3DC7-35E2-A78C-2A3BE1B72022}" = Microsoft Windows SDK for Windows 7 .NET Documentation (40715)
"{361A49FA-59B3-49FB-8C3E-08AF3EA5791A}" = Application Verifier (x64)
"{4515E93F-DBE9-3A97-B2C5-AD414A02B261}" = Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55B348BE-A3BE-9AE7-58BD-BE45B9A28F82}" = AMD Media Foundation Decoders
"{5B73E1AA-CA9D-E76A-2F2D-E0EFB41CE087}" = AMD Accelerated Video Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
"{698DEE97-5A35-3C60-960F-9FB9C58F4A3B}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{965DF723-5688-359E-84D2-417CAFE644B5}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64
"{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B01875AA-1BD4-5B9F-D2B9-23D909F4280B}" = AMD Drag and Drop Transcoding
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{C8807716-1F6F-5C43-3C32-7295A45CF060}" = AMD Catalyst Install Manager
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E54A949B-C4AE-28B6-EC97-FCB9E402D338}" = ccc-utility64
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EA85C27D-2873-4DFF-A141-C2FF74CB0E2E}" = MySQL Connector C++ 1.1.3
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{EFF8B799-99E2-44EF-A5D2-A0BE624C1A72}" = MySQL Enterprise Backup 3.8.2
"{F41C2CEA-18AA-4F4C-8387-D096BCCE3DE0}" = MySQL Server 5.6
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NewBlue Art Effects for PDR10" = Art Effects for PDR10
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{11F2C5EC-35AA-7237-B62B-A4F041859C2A}" = CCC Help Spanish
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.3
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{229EDE35-4677-BDE6-70ED-A5A4C711DDC3}" = CCC Help Norwegian
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{2470F2F2-8491-5A0B-B8F5-8B72A8D74597}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{27B56E28-94B2-BDF8-D209-EC8D2FF4838E}" = Catalyst Control Center Graphics Previews Common
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{33D4FA83-02C0-93B3-08ED-5D7378930CFA}" = CCC Help Turkish
"{37D0F3C2-8FFD-134D-FBDF-2D711E169D78}" = Catalyst Control Center
"{38DCF0DA-3E89-414B-91A0-1B76DA285EAE}" = MySQL Installer
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4093DDD7-84DD-411E-95AF-3C47A83EC78C}" = MySQL Documents 5.6
"{4119D310-9923-4112-A4EA-26D666C07D85}" = MySQL Connector Net 6.7.4
"{42FECCEF-63CD-DF98-D6BC-DDBB27E4A580}" = CCC Help Japanese
"{44D9A2CB-0692-3180-B5E2-26F4E807D067}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46594DA4-2D0A-B2D4-C0E0-A5CCA3260025}" = CCC Help Hungarian
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{485B8152-C59F-8569-15BC-46BDA2A1E4A9}" = CCC Help Polish
"{490F47E6-585C-531A-1BF8-4DE44ED9AED7}" = CCC Help Russian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F87176-7DB3-4C75-D9DC-25CB4561D0F8}" = CCC Help Danish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5236C5F0-9539-49DB-829A-D2C964F455D3}" = Ableton Live 8
"{52E706AA-B4E9-423A-1651-62E61E06DF9A}" = CCC Help Greek
"{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5FB51C12-62AE-0990-E419-C6F62B776E5C}" = CCC Help Portuguese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66B46617-A156-F25B-3CC0-5E46343AEA95}" = CCC Help Thai
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81543139-18AE-703B-D3B1-F6B3A0CB2EAC}" = CCC Help English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FA20FAC-719F-7CCD-5790-6B59D691C370}" = CCC Help Chinese Traditional
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{940B28E7-320B-5AC8-0A8A-32D6A7B404A1}" = CCC Help Swedish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99C382AB-CA1D-8577-66D3-AA850DB5FD00}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C123499-0AAB-4a0c-A916-1D23144F45EB}" = Airlink101 WLAN Monitor
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A071F478-73E0-4143-AE55-4DD6BABD74F5}" = Far Cry 3 Blood Dragon
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A68C4D16-8046-5333-CB64-5E622C795785}" = CCC Help Dutch
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs
"{BE0B654E-FC60-40AE-F60B-06526508B5FD}" = CCC Help Italian
"{BE0E1491-B2DC-6447-217C-342D8F7100EA}" = CCC Help Czech
"{C5EADF55-3B49-B545-E16F-402B443DDC77}" = CCC Help German
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CBDFF724-E925-2964-E647-0A83D2F9165C}" = CCC Help French
"{CFAB3721-549D-4827-A4E8-7F90192114AB}" = Battlefield 4™ Beta
"{CFD45889-6B27-4294-AB5D-27287097C6D6}" = MySQL Workbench 5.2 SE
"{D0913C38-01D8-4759-A19D-5B536DA8697A}" = MySQL Connector J
"{D5341564-7B93-ADAC-E737-C24AA85CC5FF}" = CCC Help Chinese Standard
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DDAFC46A-90E2-11E2-B700-984BE15F174E}" = Evernote v. 4.6.4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2DA4B78-83A1-4D97-87B8-57751BD0EC61}" = MySQL Examples and Samples 5.6
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E3FB1E5A-1C24-D581-6BC8-6F8AC2D343AD}" = CCC Help Finnish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F0E79BE5-20F5-82F4-6579-2A91AED3F066}" = Catalyst Control Center Localization All
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"3309-7404-0599-8908" = yEd Graph Editor 3.10.2
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Cockatrice" = Cockatrice
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.6.0.2
"GOGPACKSSHOCK2_is1" = System Shock 2
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.0
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"LAME_is1" = LAME v3.99.3 (for Windows)
"LastFM_is1" = Last.fm Scrobbler 2.1.36
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicBrainz Picard" = MusicBrainz Picard
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"SendToKindle" = Amazon Send to Kindle
"ShopAtHome.com BrowserAppCore Service Chrome" = ShopAtHome.com BrowserAppCore Service Chrome
"Steam App 105600" = Terraria
"Steam App 108710" = Alan Wake
"Steam App 12900" = Audiosurf
"Steam App 202750" = Alan Wake's American Nightmare
"Steam App 203160" = Tomb Raider
"Steam App 207080" = Indie Game: The Movie
"Steam App 208580" = Star Wars: Knights of the Old Republic II
"Steam App 213850" = Magic 2014 
"Steam App 22300" = Fallout 3
"Steam App 22380" = Fallout: New Vegas
"Steam App 233230" = Kairo
"Steam App 238960" = Path of Exile
"Steam App 241600" = Rogue Legacy
"Steam App 24980" = Mass Effect 2
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 35460" = The Ball
"Steam App 4000" = Garry's Mod
"Steam App 40800" = Super Meat Boy
"Steam App 440" = Team Fortress 2
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7670" = BioShock
"Steam App 8850" = BioShock 2
"Steam App 8870" = BioShock Infinite
"Steam App 97330" = Magic: The Gathering - Duels of the Planeswalkers 2013
"Stencyl" = Stencyl
"Uplay" = Uplay
"VisualBee" = VisualBee
"VLC media player" = VLC media player 2.1.1
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Flux" = f.lux
"MusicManager" = Music Manager
"Search Protection" = Search Protection
"Spotify" = Spotify
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/4/2014 5:40:55 PM | Computer Name = LaComputadora | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
 Visual Studio 9.0\VC\bin\ia64\pgocvt.exe".  Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 1/4/2014 5:41:02 PM | Computer Name = LaComputadora | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
 Visual Studio 9.0\VC\bin\ia64\pgomgr.exe".  Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 1/4/2014 5:41:09 PM | Computer Name = LaComputadora | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
 Visual Studio 9.0\VC\bin\ia64\pgosweep.exe".  Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 1/4/2014 8:24:01 PM | Computer Name = LaComputadora | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/4/2014 8:24:01 PM | Computer Name = LaComputadora | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
 
Error - 1/4/2014 8:24:01 PM | Computer Name = LaComputadora | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error - 1/5/2014 2:29:05 AM | Computer Name = LaComputadora | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 1/5/2014 2:30:49 AM | Computer Name = LaComputadora | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/5/2014 2:31:45 AM | Computer Name = LaComputadora | Source = Application Error | ID = 1000
Description = Faulting application name: Rainmeter.exe, version: 3.0.0.1904, time
 stamp: 0x5173fdcb  Faulting module name: ole32.dll, version: 6.1.7601.17514, time
 stamp: 0x4ce7c92c  Exception code: 0xc0000096  Fault offset: 0x0000000000182948  Faulting
 process id: 0x1170  Faulting application start time: 0x01cf09df8c43631b  Faulting application
 path: C:\Program Files\Rainmeter\Rainmeter.exe  Faulting module path: C:\Windows\system32\ole32.dll
Report
 Id: 0bd86953-75d3-11e3-8ba8-0024211eaa99
 
Error - 1/5/2014 2:31:45 AM | Computer Name = LaComputadora | Source = Application Error | ID = 1005
Description = Windows cannot access the file  for one of the following reasons:  there
 is a problem with the network connection, the disk that the file is stored on, 
or the storage  drivers installed on this computer; or the disk is missing.  Windows
 closed the program Rainmeter because of this error.    Program: Rainmeter  File:     The 
error value is listed in the Additional Data section.  User Action  1. Open the file
 again.  This situation might be a temporary problem that corrects itself when the
 program runs again.  2.  If the file still cannot be accessed and   - It is on the network,
your
 network administrator should verify that there is not a problem with the network
 and that the server can be contacted.   - It is on a removable disk, for example, 
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
 Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
 click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, 
and then press ENTER.  4. If the problem persists, restore the file from a backup 
copy.  5. Determine whether other files on the same disk can be opened. If not, the
 disk might be damaged. If it is a hard disk, contact your administrator or computer
 hardware vendor for  further assistance.    Additional Data  Error value: 00000000  Disk 
type: 0
 
[ System Events ]
Error - 9/19/2013 1:04:58 PM | Computer Name = LaComputadora | Source = DCOM | ID = 10010
Description = 
 
Error - 9/19/2013 6:30:25 PM | Computer Name = LaComputadora | Source = bowser | ID = 8003
Description = 
 
Error - 9/19/2013 6:48:52 PM | Computer Name = LaComputadora | Source = bowser | ID = 8003
Description = 
 
Error - 9/20/2013 12:59:40 PM | Computer Name = LaComputadora | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126  
 
Error - 9/20/2013 8:48:38 PM | Computer Name = LaComputadora | Source = bowser | ID = 8003
Description = 
 
Error - 9/21/2013 12:31:32 PM | Computer Name = LaComputadora | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126  
 
Error - 9/22/2013 12:09:39 PM | Computer Name = LaComputadora | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126  
 
Error - 9/22/2013 2:28:27 PM | Computer Name = LaComputadora | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126  
 
Error - 9/23/2013 4:34:55 PM | Computer Name = LaComputadora | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:54:09 PM on ?9/?22/?2013 was unexpected.
 
Error - 9/23/2013 4:34:57 PM | Computer Name = LaComputadora | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126  
 
 
< End of report >

Attached Files

  • Attached File  MBR.zip   595bytes   172 downloads


#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 05 January 2014 - 09:04 PM

Hi sirscrambles,

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • Ask.com
  • VisualBee
=========================

Run OTL.exe
    • Windows XP: Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {5AD71A63-605A-4BBE-94AA-A0131319E20C}
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\SearchScopes,DefaultScope = {5AD71A63-605A-4BBE-94AA-A0131319E20C}
    IE - HKCU\..\SearchScopes\{51EF8EDE-C7E2-4EA7-BCFB-636A4DC76E99}: "URL" = http://websearch.ask...70-370B7A80C8F5
    IE - HKCU\..\SearchScopes\{5AD71A63-605A-4BBE-94AA-A0131319E20C}: "URL" = http://search.condui...2610302051&UM=2
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
    FF - prefs.js..keyword.URL: "http://search.condui...745192&UM=2&q="
    [2013/06/22 09:30:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions\toolbar@ask.com
    [2013/06/22 09:30:05 | 000,002,308 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\askcom.xml
    [2013/12/13 16:12:58 | 000,001,005 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\conduit.xml
    O2:64bit: - BHO: (VisualBee) - {11111111-1111-1111-1111-110311391106} - C:\Program Files (x86)\VisualBee\VisualBee-bho64.dll (VisualBee)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKCU..\Run: [ConduitFloatingPlugin_oiffmnkajgkhjjchngmajlomfdhfjdma] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\Temp\CT3287810\plugins\TBVerifier.dll",RunConduitFloatingPlugin oiffmnkajgkhjjchngmajlomfdhfjdma File not found
    O4 - HKCU..\Run: [SearchProtection] C:\Users\Matt\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
    [2013/12/13 16:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisualBee
    [2013/12/13 16:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
    [2013/12/13 16:13:14 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Conduit
    [2013/12/13 16:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2014/01/04 22:29:43 | 000,001,928 | ---- | M] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job
    [2014/01/04 22:29:42 | 000,001,320 | ---- | M] () -- C:\Windows\tasks\VisualBee-updater.job
    [2014/01/04 22:29:16 | 000,002,050 | ---- | M] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job
    [2014/01/04 22:29:10 | 000,001,224 | ---- | M] () -- C:\Windows\tasks\VisualBee-codedownloader.job
    [2014/01/04 22:29:10 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\VisualBee-enabler.job
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Reboot

=========================

Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window: OTL.Txt. (No Extras.txt will be produced.)
    Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • OTL fix log
  • AdwCleaner[S0].txt
  • JRT.txt
  • Fresh OTL.txt
  • What symptoms are you experiencing?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#5 sirscrambles

Posted 06 January 2014 - 02:23 PM

OTL fix log:
 
OTL logfile created on: 1/6/2014 10:36:54 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.97 Gb Total Physical Memory | 5.60 Gb Available Physical Memory | 70.33% Memory free
15.93 Gb Paging File | 12.99 Gb Available in Paging File | 81.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 505.90 Gb Free Space | 54.32% Space Free | Partition Type: NTFS
 
Computer Name: LACOMPUTADORA | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Matt\AppData\Roaming\Search Protection\SearchProtection.exe (Spigot, Inc.)
PRC - C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe (ShopAtHome.com)
PRC - C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe (Realtek)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Users\Matt\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Users\Matt\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (MySQL56) -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (Realtek11nCU) -- C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe (Realtek)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BIOS) -- C:\Windows\SysNative\drivers\BIOS64.sys (BIOSTAR Group)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (rtlss) -- C:\Windows\SysNative\drivers\rtlss.sys (Realtek Semiconductor Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (BIOS) -- C:\Windows\SysWOW64\drivers\BIOS64.sys (BIOSTAR Group)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {5AD71A63-605A-4BBE-94AA-A0131319E20C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 97 B0 F1 37 3F CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {5AD71A63-605A-4BBE-94AA-A0131319E20C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{34101CA4-CE22-4C55-9DC5-F1A3D8E42DAB}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{51EF8EDE-C7E2-4EA7-BCFB-636A4DC76E99}: "URL" = http://websearch.ask...70-370B7A80C8F5
IE - HKCU\..\SearchScopes\{5AD71A63-605A-4BBE-94AA-A0131319E20C}: "URL" = http://search.condui...2610302051&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\BAC_PAC.js
 
========== FireFox ==========
 
FF - prefs.js..CT3287810.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.11 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "VisualBee V.11 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://search.condui...745192&UM=2&q="
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/22 11:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/16 15:14:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/16 15:14:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/05/02 19:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2014/01/06 10:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions
[2013/12/13 16:12:58 | 000,000,000 | ---D | M] (VisualBee V.11) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions\{7093ee04-f2e4-4637-a667-0f730797b3a0}
[2013/06/22 09:30:05 | 000,002,308 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\askcom.xml
[2013/12/13 16:12:58 | 000,001,005 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\conduit.xml
[2013/09/27 09:00:49 | 000,000,915 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\yahoo.xml
[2013/08/16 15:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/16 15:14:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: Google Docs = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AutocardAnywhere = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobkhgkgoejnjaiofdmphhkemmomfabg\2.2.44_0\
CHR - Extension: AdBlock = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: avast! WebRep = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\
CHR - Extension: RSS validate! = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg\0.1_0\
CHR - Extension: Google Wallet = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrowserAppCoreService] C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe (ShopAtHome.com)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\Matt\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_oiffmnkajgkhjjchngmajlomfdhfjdma] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\Temp\CT3287810\plugins\TBVerifier.dll",RunConduitFloatingPlugin oiffmnkajgkhjjchngmajlomfdhfjdma File not found
O4 - HKCU..\Run: [F.lux] C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SearchProtection] C:\Users\Matt\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00584BFE-D7C8-4F6A-9BE1-CC26039FFCC1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15FAAF80-846E-4EA1-87B7-ED6413C2C560}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8ac015f-1191-11e3-8bd9-0024211eaa99}\Shell - "" = AutoRun
O33 - MountPoints2\{d8ac015f-1191-11e3-8bd9-0024211eaa99}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/06 10:35:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/01/04 22:50:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\pictures
[2014/01/04 22:43:44 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR (1).exe
[2014/01/04 22:34:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/01/04 10:28:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Skyrim
[2014/01/04 10:28:12 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2014/01/04 10:28:12 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2014/01/04 10:28:11 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2014/01/04 10:28:11 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2014/01/04 10:28:10 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2014/01/04 10:28:10 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2014/01/04 10:28:09 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2014/01/04 10:28:09 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2014/01/04 10:28:08 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2014/01/04 10:28:08 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2014/01/04 10:28:06 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2014/01/04 10:28:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2014/01/04 10:28:06 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2014/01/04 10:28:06 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2014/01/04 10:28:05 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2014/01/04 10:28:05 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2014/01/04 10:28:04 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2014/01/04 10:28:04 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2014/01/04 10:28:02 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2014/01/04 10:28:02 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2014/01/04 10:28:02 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2014/01/04 10:28:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2014/01/04 10:28:01 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2014/01/04 10:28:01 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2014/01/04 10:28:01 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2014/01/04 10:28:01 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2014/01/04 10:28:01 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2014/01/04 10:28:00 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2014/01/04 10:28:00 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2014/01/04 10:28:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2014/01/04 10:28:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2014/01/04 10:27:59 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2014/01/04 10:27:59 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2014/01/04 10:27:59 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2014/01/04 10:27:59 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2014/01/04 10:27:57 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2014/01/04 10:27:57 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2014/01/04 10:27:57 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2014/01/04 10:27:57 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2014/01/04 10:27:57 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2014/01/04 10:27:57 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2014/01/04 10:27:56 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2014/01/04 10:27:56 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2014/01/04 10:27:55 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2014/01/04 10:27:55 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2014/01/04 10:27:54 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2014/01/04 10:27:54 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2014/01/04 10:27:54 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2014/01/04 10:27:54 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2014/01/04 10:27:54 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2014/01/04 10:27:54 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2014/01/04 10:27:53 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2014/01/04 10:27:53 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2014/01/04 10:27:52 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2014/01/04 10:27:51 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2014/01/04 10:27:51 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2014/01/04 10:27:51 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2014/01/04 10:27:51 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2014/01/04 10:27:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2014/01/04 10:27:50 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2014/01/04 10:27:50 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2014/01/04 10:27:50 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2014/01/04 10:27:49 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2014/01/04 10:27:49 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2014/01/04 10:27:49 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2014/01/04 10:27:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2014/01/04 10:27:48 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2014/01/04 10:27:48 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2014/01/04 10:27:48 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2014/01/04 10:27:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2014/01/04 10:27:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2014/01/04 10:27:47 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2014/01/04 10:27:47 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2014/01/04 10:27:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2014/01/04 10:27:46 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2014/01/04 10:27:46 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2014/01/04 10:27:46 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2014/01/04 10:27:46 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2014/01/04 10:27:44 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2014/01/04 10:27:44 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013/12/29 11:49:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\NEW MUSIC
[2013/12/29 11:49:25 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\BOOKS
[2013/12/29 10:56:46 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\OLD PC STUFF
[2013/12/15 01:46:46 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Matt\Desktop\HiJackThis.exe
[2013/12/13 16:20:57 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Windows
[2013/12/13 16:20:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
[2013/12/13 16:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/12/13 16:13:15 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\NativeMessaging
[2013/12/13 16:13:14 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Conduit
[2013/12/13 16:13:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\CRE
[2013/12/13 16:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/12/13 16:12:58 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\SearchProtect
[2013/12/13 16:12:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\emaze
[2013/12/13 15:22:18 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\12-18 SHOW RECORD_data
[2013/12/13 13:53:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\GWR forever_data
[2013/12/12 18:08:34 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Star Wars Prequel Trilogy (1999-2005)
[2013/12/12 01:26:06 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/12 01:26:06 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/12 01:26:06 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/12 01:26:04 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/12 01:25:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 01:25:14 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 01:25:14 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 01:25:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 01:25:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 01:25:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 01:25:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 01:25:13 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 01:25:13 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 01:25:13 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 01:25:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 01:25:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 01:25:12 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 01:25:11 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 01:25:11 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 01:25:08 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 22:04:12 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 22:04:11 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 22:04:01 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 22:04:01 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 22:03:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 22:03:39 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 22:03:39 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 22:03:38 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 22:03:38 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 22:03:37 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 22:03:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 22:03:37 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 22:03:37 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/06 10:19:57 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/01/06 10:19:48 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 10:19:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/06 10:19:01 | 2120,007,679 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/05 19:20:03 | 000,021,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/05 19:20:03 | 000,021,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/05 19:09:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/01/05 18:54:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/05 18:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/05 18:50:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3206978427-3775841784-1250852860-1000UA.job
[2014/01/05 16:37:44 | 000,210,378 | ---- | M] () -- C:\Users\Matt\Desktop\WINTER 2013 FM Proposal-.pdf
[2014/01/05 16:29:07 | 000,013,721 | ---- | M] () -- C:\Users\Matt\Documents\Witching Hour.odt
[2014/01/05 15:31:31 | 000,780,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/05 15:31:31 | 000,660,748 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/05 15:31:31 | 000,121,386 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/05 00:50:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3206978427-3775841784-1250852860-1000Core.job
[2014/01/04 23:38:49 | 000,000,595 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.zip
[2014/01/04 23:38:10 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
[2014/01/04 22:43:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR (1).exe
[2014/01/04 22:34:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/01/04 22:32:41 | 000,987,410 | ---- | M] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2013/12/15 01:46:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Matt\Desktop\HiJackThis.exe
[2013/12/14 18:45:55 | 000,152,411 | ---- | M] () -- C:\Users\Matt\Desktop\ERR.png
[2013/12/13 16:13:45 | 000,000,000 | ---- | M] () -- C:\END
[2013/12/13 15:37:05 | 000,159,642 | ---- | M] () -- C:\Users\Matt\Desktop\12-18 SHOW RECORD.aup
[2013/12/13 13:53:46 | 000,397,963 | ---- | M] () -- C:\Users\Matt\Desktop\GWR forever.aup
[2013/12/12 05:56:00 | 000,308,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/10 14:51:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 14:51:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014/01/05 16:24:44 | 000,013,721 | ---- | C] () -- C:\Users\Matt\Documents\Witching Hour.odt
[2014/01/05 15:13:29 | 000,210,378 | ---- | C] () -- C:\Users\Matt\Desktop\WINTER 2013 FM Proposal-.pdf
[2014/01/04 23:38:49 | 000,000,595 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.zip
[2014/01/04 23:38:10 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
[2014/01/04 22:32:39 | 000,987,410 | ---- | C] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2013/12/14 18:45:55 | 000,152,411 | ---- | C] () -- C:\Users\Matt\Desktop\ERR.png
[2013/12/13 16:12:31 | 000,000,000 | ---- | C] () -- C:\END
[2013/12/13 16:12:29 | 000,001,232 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/12/13 15:22:18 | 000,159,642 | ---- | C] () -- C:\Users\Matt\Desktop\12-18 SHOW RECORD.aup
[2013/12/13 13:53:46 | 000,397,963 | ---- | C] () -- C:\Users\Matt\Desktop\GWR forever.aup
[2013/11/30 15:48:44 | 000,007,104 | ---- | C] () -- C:\Users\Matt\AppData\Local\recently-used.xbel
[2013/08/03 11:02:36 | 000,000,477 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/07/31 22:28:58 | 000,773,878 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/02 11:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/27 11:55:55 | 000,281,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/05/27 11:55:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/05/07 20:35:54 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/04/22 11:43:47 | 000,000,600 | ---- | C] () -- C:\Users\Matt\AppData\Local\PUTTY.RND
[2013/03/28 18:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 18:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/03/28 17:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/03/28 17:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 00:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/17 08:33:06 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/02/17 08:33:06 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/02/17 08:24:48 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/17 07:32:04 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< :OTL >
 
< IE - HKLM\..\SearchScopes,DefaultScope = {5AD71A63-605A-4BBE-94AA-A0131319E20C} >
 
< IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) >
 
< IE - HKCU\..\SearchScopes,DefaultScope = {5AD71A63-605A-4BBE-94AA-A0131319E20C} >
 
< IE - HKCU\..\SearchScopes\{51EF8EDE-C7E2-4EA7-BCFB-636A4DC76E99}: "URL" = http://websearch.ask...70-370B7A80C8F5 >
 
< IE - HKCU\..\SearchScopes\{5AD71A63-605A-4BBE-94AA-A0131319E20C}: "URL" = http://search.condui...2610302051&UM=2 >
 
< FF - prefs.js..browser.search.defaultengine: "Ask.com" >
 
< FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}" >
 
< FF - prefs.js..browser.search.order.1: "Ask.com" >
 
< FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13" >
 
< FF - prefs.js..keyword.URL: "http://search.condui....745192&UM=2&q=" >
 
< [2013/06/22 09:30:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions\toolbar@ask.com >
Invalid Switch: 22 09:30:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions\toolbar@ask.com
 
< [2013/06/22 09:30:05 | 000,002,308 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\askcom.xml >
Invalid Switch: 22 09:30:05 | 000,002,308 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\askcom.xml
 
< [2013/12/13 16:12:58 | 000,001,005 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\conduit.xml >
Invalid Switch: 13 16:12:58 | 000,001,005 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\conduit.xml
 
< O2:64bit: - BHO: (VisualBee) - {11111111-1111-1111-1111-110311391106} - C:\Program Files (x86)\VisualBee\VisualBee-bho64.dll (VisualBee) >
 
< O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) >
 
< O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) >
 
< O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) >
 
< O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) >
 
< O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) >
 
< O4 - HKCU..\Run: [ConduitFloatingPlugin_oiffmnkajgkhjjchngmajlomfdhfjdma] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\Temp\CT3287810\plugins\TBVerifier.dll",RunConduitFloatingPlugin oiffmnkajgkhjjchngmajlomfdhfjdma File not found >
 
< O4 - HKCU..\Run: [SearchProtection] C:\Users\Matt\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.) >
 
< [2013/12/13 16:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisualBee >
Invalid Switch: 13 16:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisualBee
 
< [2013/12/13 16:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit >
Invalid Switch: 13 16:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
 
< [2013/12/13 16:13:14 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Conduit >
Invalid Switch: 13 16:13:14 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Conduit
 
< [2013/12/13 16:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit >
Invalid Switch: 13 16:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
 
< [2014/01/04 22:29:43 | 000,001,928 | ---- | M] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job >
Invalid Switch: 04 22:29:43 | 000,001,928 | ---- | M] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job
 
< [2014/01/04 22:29:42 | 000,001,320 | ---- | M] () -- C:\Windows\tasks\VisualBee-updater.job >
Invalid Switch: 04 22:29:42 | 000,001,320 | ---- | M] () -- C:\Windows\tasks\VisualBee-updater.job
 
< [2014/01/04 22:29:16 | 000,002,050 | ---- | M] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job >
Invalid Switch: 04 22:29:16 | 000,002,050 | ---- | M] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job
 
< [2014/01/04 22:29:10 | 000,001,224 | ---- | M] () -- C:\Windows\tasks\VisualBee-codedownloader.job >
Invalid Switch: 04 22:29:10 | 000,001,224 | ---- | M] () -- C:\Windows\tasks\VisualBee-codedownloader.job
 
< [2014/01/04 22:29:10 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\VisualBee-enabler.job >
Invalid Switch: 04 22:29:10 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\VisualBee-enabler.job
 
<  >
 
< :Commands >
 
< [purity] >
 
< [emptyjava] >
 
< [emptyflash] >
 
< [Reboot] >
 
< End of report >
 
 
AdwCleaner[S0].txt:
 
# AdwCleaner v3.016 - Report created 06/01/2014 at 11:52:17
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Matt - LACOMPUTADORA
# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Matt\AppData\Local\Conduit
Folder Deleted : C:\Users\Matt\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Matt\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\Matt\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Matt\AppData\LocalLow\VisualBee_V.11
Folder Deleted : C:\Users\Matt\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Matt\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\CT3287810
Folder Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\Extensions\{7093ee04-f2e4-4637-a667-0f730797b3a0}
File Deleted : C:\END
File Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BrowserAppCoreService]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287810
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_oiffmnkajgkhjjchngmajlomfdhfjdma]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9600F10-A27F-4A3C-96A2-FC143AD450E9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322392206}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366396606}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B9600F10-A27F-4A3C-96A2-FC143AD450E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1929C3DE-4816-430B-B08A-86302E460C2E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8CF033E2-92D5-460B-86BB-A893EB14E009}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366396606}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\VisualBee_V.11
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\VisualBee_V.11
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v21.0 (en-US)
 
[ File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\prefs.js ]
 
Line Deleted : user_pref("CT3287810.FF19Solved", "true");
Line Deleted : user_pref("CT3287810.UserID", "UN36846742672745192");
Line Deleted : user_pref("CT3287810.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3287810.fullUserID", "UN36846742672745192.IN.20131213161256");
Line Deleted : user_pref("CT3287810.installDate", "13/12/2013 16:12:58");
Line Deleted : user_pref("CT3287810.installSessionId", "{42FA9BAB-4964-4B36-950F-75F311838460}");
Line Deleted : user_pref("CT3287810.installSp", "true");
Line Deleted : user_pref("CT3287810.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3287810.keyword", "true");
Line Deleted : user_pref("CT3287810.originalHomepage", "hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ff");
Line Deleted : user_pref("CT3287810.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=");
Line Deleted : user_pref("CT3287810.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("CT3287810.originalSearchEngineName", "Yahoo");
Line Deleted : user_pref("CT3287810.searchRevert", "false");
Line Deleted : user_pref("CT3287810.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3287810.searchUserMode", "2");
Line Deleted : user_pref("CT3287810.smartbar.homepage", "true");
Line Deleted : user_pref("CT3287810.toolbarInstallDate", "13-12-2013 16:12:56");
Line Deleted : user_pref("CT3287810.versionFromInstaller", "10.23.0.722");
Line Deleted : user_pref("CT3287810.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "VisualBee V.11 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287810&CUI=UN36846742672745192&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "VisualBee V.11 Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3287810&CUI=UN36846742672745192&UM=2&SearchSource=13");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287810&SearchSource=2&CUI=UN36846742672745192&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3287810");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287810&CUI=UN36846742672745192&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287810&SearchSource=2&CUI=UN36846742672745192&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3287810");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3287810");
Line Deleted : user_pref("smartbar.machineId", "G+NQOPP41MF2Z8ORPJKMP41SCRERZN+BFHE0RLRC4L0JK+FEH0OIYGIXUM94R2R3YRYG3XQTTYQ4ZFZUCDDEFA");
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [8644 octets] - [06/01/2014 10:47:37]
AdwCleaner[S0].txt - [8603 octets] - [06/01/2014 11:52:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8663 octets] ##########
 
JRT.txt:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Ultimate x64
Ran by Matt on Mon 01/06/2014 at 11:59:05.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{51EF8EDE-C7E2-4EA7-BCFB-636A4DC76E99}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5AD71A63-605A-4BBE-94AA-A0131319E20C}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Matt\appdata\local\cre"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\zk01b52b.default\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/06/2014 at 12:03:45.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Fresh OTL.txt
OTL logfile created on: 1/6/2014 12:10:01 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.97 Gb Total Physical Memory | 6.12 Gb Available Physical Memory | 76.84% Memory free
15.93 Gb Paging File | 13.73 Gb Available in Paging File | 86.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 505.44 Gb Free Space | 54.27% Space Free | Partition Type: NTFS
 
Computer Name: LACOMPUTADORA | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe (ShopAtHome.com)
PRC - C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe (Realtek)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Users\Matt\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\Matt\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (MySQL56) -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (Realtek11nCU) -- C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe (Realtek)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BIOS) -- C:\Windows\SysNative\drivers\BIOS64.sys (BIOSTAR Group)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (rtlss) -- C:\Windows\SysNative\drivers\rtlss.sys (Realtek Semiconductor Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (BIOS) -- C:\Windows\SysWOW64\drivers\BIOS64.sys (BIOSTAR Group)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 97 B0 F1 37 3F CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{34101CA4-CE22-4C55-9DC5-F1A3D8E42DAB}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\BAC_PAC.js
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/22 11:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/16 15:14:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/16 15:14:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/05/02 19:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2014/01/06 10:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions
[2013/09/27 09:00:49 | 000,000,915 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\yahoo.xml
[2013/08/16 15:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/16 15:14:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: Google Docs = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AutocardAnywhere = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobkhgkgoejnjaiofdmphhkemmomfabg\2.2.44_0\
CHR - Extension: AdBlock = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: avast! WebRep = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\
CHR - Extension: RSS validate! = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg\0.1_0\
CHR - Extension: Google Wallet = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [F.lux] C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00584BFE-D7C8-4F6A-9BE1-CC26039FFCC1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15FAAF80-846E-4EA1-87B7-ED6413C2C560}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8ac015f-1191-11e3-8bd9-0024211eaa99}\Shell - "" = AutoRun
O33 - MountPoints2\{d8ac015f-1191-11e3-8bd9-0024211eaa99}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/06 11:59:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/06 11:58:10 | 001,036,305 | ---- | C] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2014/01/06 10:47:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/06 10:35:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/01/04 22:50:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\pictures
[2014/01/04 22:43:44 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR (1).exe
[2014/01/04 22:34:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/01/04 10:28:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Skyrim
[2014/01/04 10:28:12 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2014/01/04 10:28:12 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2014/01/04 10:28:11 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2014/01/04 10:28:11 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2014/01/04 10:28:10 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2014/01/04 10:28:10 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2014/01/04 10:28:09 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2014/01/04 10:28:09 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2014/01/04 10:28:08 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2014/01/04 10:28:08 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2014/01/04 10:28:06 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2014/01/04 10:28:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2014/01/04 10:28:06 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2014/01/04 10:28:06 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2014/01/04 10:28:05 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2014/01/04 10:28:05 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2014/01/04 10:28:04 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2014/01/04 10:28:04 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2014/01/04 10:28:02 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2014/01/04 10:28:02 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2014/01/04 10:28:02 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2014/01/04 10:28:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2014/01/04 10:28:01 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2014/01/04 10:28:01 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2014/01/04 10:28:01 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2014/01/04 10:28:01 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2014/01/04 10:28:01 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2014/01/04 10:28:00 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2014/01/04 10:28:00 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2014/01/04 10:28:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2014/01/04 10:28:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2014/01/04 10:27:59 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2014/01/04 10:27:59 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2014/01/04 10:27:59 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2014/01/04 10:27:59 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2014/01/04 10:27:57 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2014/01/04 10:27:57 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2014/01/04 10:27:57 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2014/01/04 10:27:57 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2014/01/04 10:27:57 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2014/01/04 10:27:57 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2014/01/04 10:27:56 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2014/01/04 10:27:56 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2014/01/04 10:27:55 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2014/01/04 10:27:55 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2014/01/04 10:27:54 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2014/01/04 10:27:54 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2014/01/04 10:27:54 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2014/01/04 10:27:54 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2014/01/04 10:27:54 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2014/01/04 10:27:54 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2014/01/04 10:27:53 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2014/01/04 10:27:53 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2014/01/04 10:27:52 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2014/01/04 10:27:51 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2014/01/04 10:27:51 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2014/01/04 10:27:51 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2014/01/04 10:27:51 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2014/01/04 10:27:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2014/01/04 10:27:50 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2014/01/04 10:27:50 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2014/01/04 10:27:50 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2014/01/04 10:27:49 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2014/01/04 10:27:49 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2014/01/04 10:27:49 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2014/01/04 10:27:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2014/01/04 10:27:48 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2014/01/04 10:27:48 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2014/01/04 10:27:48 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2014/01/04 10:27:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2014/01/04 10:27:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2014/01/04 10:27:47 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2014/01/04 10:27:47 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2014/01/04 10:27:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2014/01/04 10:27:46 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2014/01/04 10:27:46 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2014/01/04 10:27:46 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2014/01/04 10:27:46 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2014/01/04 10:27:44 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2014/01/04 10:27:44 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013/12/29 11:49:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\NEW MUSIC
[2013/12/29 11:49:25 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\BOOKS
[2013/12/29 10:56:46 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\OLD PC STUFF
[2013/12/15 01:46:46 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Matt\Desktop\HiJackThis.exe
[2013/12/13 16:20:57 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Windows
[2013/12/13 16:20:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
[2013/12/13 16:12:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\emaze
[2013/12/13 15:22:18 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\12-18 SHOW RECORD_data
[2013/12/13 13:53:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\GWR forever_data
[2013/12/12 18:08:34 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Star Wars Prequel Trilogy (1999-2005)
[2013/12/12 01:26:06 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/12 01:26:06 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/12 01:26:06 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/12 01:26:04 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/12 01:25:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 01:25:14 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 01:25:14 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 01:25:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 01:25:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 01:25:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 01:25:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 01:25:13 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 01:25:13 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 01:25:13 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 01:25:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 01:25:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 01:25:12 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 01:25:11 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 01:25:11 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 01:25:08 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 22:04:12 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 22:04:11 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 22:04:01 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 22:04:01 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 22:03:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 22:03:39 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 22:03:39 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 22:03:38 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 22:03:38 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 22:03:37 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 22:03:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 22:03:37 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 22:03:37 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/06 12:05:49 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 12:05:46 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/01/06 12:05:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/06 12:04:52 | 2120,007,679 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/06 11:58:13 | 001,036,305 | ---- | M] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2014/01/06 11:51:56 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3206978427-3775841784-1250852860-1000UA.job
[2014/01/06 11:51:56 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/06 10:54:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/06 10:47:06 | 001,233,962 | ---- | M] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2014/01/05 19:20:03 | 000,021,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/05 19:20:03 | 000,021,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/05 19:09:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/01/05 16:37:44 | 000,210,378 | ---- | M] () -- C:\Users\Matt\Desktop\WINTER 2013 FM Proposal-.pdf
[2014/01/05 16:29:07 | 000,013,721 | ---- | M] () -- C:\Users\Matt\Documents\Witching Hour.odt
[2014/01/05 15:31:31 | 000,780,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/05 15:31:31 | 000,660,748 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/05 15:31:31 | 000,121,386 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/05 00:50:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3206978427-3775841784-1250852860-1000Core.job
[2014/01/04 23:38:49 | 000,000,595 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.zip
[2014/01/04 23:38:10 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
[2014/01/04 22:43:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR (1).exe
[2014/01/04 22:34:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/01/04 22:32:41 | 000,987,410 | ---- | M] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2013/12/15 01:46:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Matt\Desktop\HiJackThis.exe
[2013/12/14 18:45:55 | 000,152,411 | ---- | M] () -- C:\Users\Matt\Desktop\ERR.png
[2013/12/13 15:37:05 | 000,159,642 | ---- | M] () -- C:\Users\Matt\Desktop\12-18 SHOW RECORD.aup
[2013/12/13 13:53:46 | 000,397,963 | ---- | M] () -- C:\Users\Matt\Desktop\GWR forever.aup
[2013/12/12 05:56:00 | 000,308,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/10 14:51:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 14:51:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014/01/06 10:47:03 | 001,233,962 | ---- | C] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2014/01/05 16:24:44 | 000,013,721 | ---- | C] () -- C:\Users\Matt\Documents\Witching Hour.odt
[2014/01/05 15:13:29 | 000,210,378 | ---- | C] () -- C:\Users\Matt\Desktop\WINTER 2013 FM Proposal-.pdf
[2014/01/04 23:38:49 | 000,000,595 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.zip
[2014/01/04 23:38:10 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
[2014/01/04 22:32:39 | 000,987,410 | ---- | C] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2013/12/14 18:45:55 | 000,152,411 | ---- | C] () -- C:\Users\Matt\Desktop\ERR.png
[2013/12/13 16:12:29 | 000,001,232 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/12/13 15:22:18 | 000,159,642 | ---- | C] () -- C:\Users\Matt\Desktop\12-18 SHOW RECORD.aup
[2013/12/13 13:53:46 | 000,397,963 | ---- | C] () -- C:\Users\Matt\Desktop\GWR forever.aup
[2013/11/30 15:48:44 | 000,007,104 | ---- | C] () -- C:\Users\Matt\AppData\Local\recently-used.xbel
[2013/08/03 11:02:36 | 000,000,477 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/07/31 22:28:58 | 000,773,878 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/02 11:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/27 11:55:55 | 000,281,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/05/27 11:55:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/05/07 20:35:54 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/04/22 11:43:47 | 000,000,600 | ---- | C] () -- C:\Users\Matt\AppData\Local\PUTTY.RND
[2013/03/28 18:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 18:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/03/28 17:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/03/28 17:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 00:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/17 08:33:06 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/02/17 08:33:06 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/02/17 08:24:48 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/17 07:32:04 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
And I did a couple minutes of browsing to see if the pop-up came back and it hasn't so far. Does this mean I'm cured doc?


#6 OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 06 January 2014 - 03:18 PM

Hi sirscrambles,
 

And I did a couple minutes of browsing to see if the pop-up came back and it hasn't so far. Does this mean I'm cured doc?


It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware-free. We are making progress so please stay with me until I give you the "all clean" sign. :thumbup:

=========================

You inadvertently didn't complete this step correctly. Copy and Paste the code into the Custom Scan box and select Run Fix.

Run OTL.exe

  • Windows XP: Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {5AD71A63-605A-4BBE-94AA-A0131319E20C}
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\SearchScopes,DefaultScope = {5AD71A63-605A-4BBE-94AA-A0131319E20C}
    IE - HKCU\..\SearchScopes\{51EF8EDE-C7E2-4EA7-BCFB-636A4DC76E99}: "URL" = http://websearch.ask...70-370B7A80C8F5
    IE - HKCU\..\SearchScopes\{5AD71A63-605A-4BBE-94AA-A0131319E20C}: "URL" = http://search.condui...2610302051&UM=2
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
    FF - prefs.js..keyword.URL: "http://search.condui...745192&UM=2&q="
    [2013/06/22 09:30:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions\toolbar@ask.com
    [2013/06/22 09:30:05 | 000,002,308 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\askcom.xml
    [2013/12/13 16:12:58 | 000,001,005 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\conduit.xml
    O2:64bit: - BHO: (VisualBee) - {11111111-1111-1111-1111-110311391106} - C:\Program Files (x86)\VisualBee\VisualBee-bho64.dll (VisualBee)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKCU..\Run: [ConduitFloatingPlugin_oiffmnkajgkhjjchngmajlomfdhfjdma] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\Temp\CT3287810\plugins\TBVerifier.dll",RunConduitFloatingPlugin oiffmnkajgkhjjchngmajlomfdhfjdma File not found
    O4 - HKCU..\Run: [SearchProtection] C:\Users\Matt\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
    [2013/12/13 16:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisualBee
    [2013/12/13 16:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
    [2013/12/13 16:13:14 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Conduit
    [2013/12/13 16:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2014/01/04 22:29:43 | 000,001,928 | ---- | M] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job
    [2014/01/04 22:29:42 | 000,001,320 | ---- | M] () -- C:\Windows\tasks\VisualBee-updater.job
    [2014/01/04 22:29:16 | 000,002,050 | ---- | M] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job
    [2014/01/04 22:29:10 | 000,001,224 | ---- | M] () -- C:\Windows\tasks\VisualBee-codedownloader.job
    [2014/01/04 22:29:10 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\VisualBee-enabler.job
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

=========================

In your next post please provide the following:

  • OTL fix log
  • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#7 sirscrambles


Posted 06 January 2014 - 04:02 PM

Sorry about that, I think I've done it correctly this time:

 

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{51EF8EDE-C7E2-4EA7-BCFB-636A4DC76E99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51EF8EDE-C7E2-4EA7-BCFB-636A4DC76E99}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5AD71A63-605A-4BBE-94AA-A0131319E20C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AD71A63-605A-4BBE-94AA-A0131319E20C}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "http://search.condui...earchSource=13" removed from browser.startup.homepage
Prefs.js: "http://search.condui....745192&UM=2&q=" removed from keyword.URL
Folder C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions\toolbar@ask.com\ not found.
File C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\askcom.xml not found.
File C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\conduit.xml not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311391106}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311391106}\ not found.
File C:\Program Files (x86)\VisualBee\VisualBee-bho64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_oiffmnkajgkhjjchngmajlomfdhfjdma not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection not found.
File C:\Users\Matt\AppData\Roaming\Search Protection\SearchProtection.EXE not found.
Folder C:\Program Files (x86)\VisualBee\ not found.
Folder C:\ProgramData\Conduit\ not found.
Folder C:\Users\Matt\AppData\Local\Conduit\ not found.
Folder C:\Program Files (x86)\Conduit\ not found.
File C:\Windows\tasks\VisualBee-chromeinstaller.job not found.
File C:\Windows\tasks\VisualBee-updater.job not found.
File C:\Windows\tasks\VisualBee-firefoxinstaller.job not found.
File C:\Windows\tasks\VisualBee-codedownloader.job not found.
File C:\Windows\tasks\VisualBee-enabler.job not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Matt
->Java cache emptied: 50352 bytes
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Matt
->Flash cache emptied: 1101 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01062014_135423
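
A helper reading a fix log like the one above mainly wants to know which items the fix changed, which were already absent when it ran, and whether any line needs a second look. The following Python sketch is an added example, not part of the original thread and not OTL's own code; the status wording it matches is taken from the lines in this log, and treating any other wording as "review" is an assumption.

```python
import re
from collections import defaultdict

# Excerpt copied from the OTL fix log in the post above (not the full log).
SAMPLE_LOG = r"""========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection not found.
File C:\Users\Matt\AppData\Roaming\Search Protection\SearchProtection.EXE not found.
Folder C:\ProgramData\Conduit\ not found.
File C:\Windows\tasks\VisualBee-updater.job not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
"""

# "========== OTL ==========" style section banners.
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
# Leading object type on a result line, with the optional 64-bit prefix.
KIND = re.compile(r"^(?:64bit-)?(Registry value|Registry key|File|Folder|Prefs\.js)\b")


def parse_fix_log(text):
    """Return one dict per result line in the OTL section of a fix log."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section != "OTL":
            # Only the fix results are classified; the COMMANDS section
            # (restore point, cache cleanup) is skipped.
            continue
        if line.endswith("not found."):
            status = "absent"      # target did not exist when the fix ran
        elif "set successfully!" in line or " removed from " in line:
            status = "changed"     # the fix modified or removed something
        else:
            status = "review"      # wording not seen in this log: check by hand
        kind_match = KIND.match(line)
        if kind_match:
            kind = kind_match.group(1)
        elif line.startswith("HKEY_"):
            kind = "Registry value"
        else:
            kind = "Unknown"
        entries.append({"status": status, "kind": kind, "line": line})
    return entries


def summarize(entries):
    """Count entries per status, e.g. {'changed': 2, 'absent': 6}."""
    counts = defaultdict(int)
    for entry in entries:
        counts[entry["status"]] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(summarize(parsed))
    for entry in parsed:
        if entry["status"] != "absent":
            print(entry["status"], "|", entry["kind"], "|", entry["line"])
```
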


#8 OCD


Posted 06 January 2014 - 04:15 PM

Hi sirscrambles,

Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================


ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights. To do so, right-click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD



#9 sirscrambles


Posted 06 January 2014 - 07:13 PM

MBAM log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.06.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Matt :: LACOMPUTADORA [administrator]
 
1/6/2014 5:09:12 PM
mbam-log-2014-01-06 (17-09-12).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216531
Time elapsed: 3 minute(s), 28 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 

I forgot to export the results from the ESET scan, but it also found 0 threats. I'd prefer to not do another one because it took longer than an hour. Is that okay?



#10 OCD


Posted 06 January 2014 - 07:41 PM

Hi sirscrambles,
 

I forgot to export the results from the ESET scan, but it also found 0 threats. I'd prefer to not do another one because it took longer than an hour. Is that okay?

 

That's fine. :thumbup:

=========================

Re-run AdwCleaner

It should be on your desktop

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Re-run OTL (it should be located on your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note: The log can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:

  • AdwCleaner[S1].txt
  • Fresh OTL.txt
  • Any remaining symptoms?

OCD



#11 sirscrambles


Posted 07 January 2014 - 01:31 PM

OTL logfile created on: 1/7/2014 11:22:48 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.97 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 70.02% Memory free
15.93 Gb Paging File | 13.06 Gb Available in Paging File | 81.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 503.54 Gb Free Space | 54.06% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 327.20 Gb Free Space | 17.56% Space Free | Partition Type: NTFS
 
Computer Name: LACOMPUTADORA | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe (ShopAtHome.com)
PRC - C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe (Realtek)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Users\Matt\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Users\Matt\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (MySQL56) -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (Realtek11nCU) -- C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe (Realtek)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BIOS) -- C:\Windows\SysNative\drivers\BIOS64.sys (BIOSTAR Group)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (rtlss) -- C:\Windows\SysNative\drivers\rtlss.sys (Realtek Semiconductor Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (BIOS) -- C:\Windows\SysWOW64\drivers\BIOS64.sys (BIOSTAR Group)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 97 B0 F1 37 3F CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{34101CA4-CE22-4C55-9DC5-F1A3D8E42DAB}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\BAC_PAC.js
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/22 11:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/16 15:14:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/16 15:14:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/05/02 19:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2014/01/06 10:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\extensions
[2013/09/27 09:00:49 | 000,000,915 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\searchplugins\yahoo.xml
[2013/08/16 15:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/16 15:14:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: Google Docs = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AutocardAnywhere = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobkhgkgoejnjaiofdmphhkemmomfabg\2.2.44_0\
CHR - Extension: AdBlock = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: avast! WebRep = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\
CHR - Extension: RSS validate! = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg\0.1_0\
CHR - Extension: Google Wallet = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [F.lux] C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00584BFE-D7C8-4F6A-9BE1-CC26039FFCC1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15FAAF80-846E-4EA1-87B7-ED6413C2C560}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/14 16:20:22 | 000,000,033 | -HS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{d8ac015f-1191-11e3-8bd9-0024211eaa99}\Shell - "" = AutoRun
O33 - MountPoints2\{d8ac015f-1191-11e3-8bd9-0024211eaa99}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/06 15:43:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\reverse
[2014/01/06 15:37:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Kanye West - Yeezus (Final Release)(320Kbps)(2013)
[2014/01/06 13:54:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/06 11:59:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/06 11:58:10 | 001,036,305 | ---- | C] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2014/01/06 10:47:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/06 10:35:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/01/04 22:50:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\pictures
[2014/01/04 22:43:44 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR (1).exe
[2014/01/04 22:34:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/01/04 10:28:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Skyrim
[2014/01/04 10:28:12 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2014/01/04 10:28:12 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2014/01/04 10:28:11 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2014/01/04 10:28:11 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2014/01/04 10:28:10 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2014/01/04 10:28:10 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2014/01/04 10:28:09 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2014/01/04 10:28:09 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2014/01/04 10:28:08 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2014/01/04 10:28:08 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2014/01/04 10:28:06 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2014/01/04 10:28:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2014/01/04 10:28:06 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2014/01/04 10:28:06 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2014/01/04 10:28:05 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2014/01/04 10:28:05 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2014/01/04 10:28:04 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2014/01/04 10:28:04 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2014/01/04 10:28:02 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2014/01/04 10:28:02 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2014/01/04 10:28:02 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2014/01/04 10:28:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2014/01/04 10:28:01 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2014/01/04 10:28:01 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2014/01/04 10:28:01 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2014/01/04 10:28:01 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2014/01/04 10:28:01 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2014/01/04 10:28:00 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2014/01/04 10:28:00 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2014/01/04 10:28:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2014/01/04 10:28:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2014/01/04 10:27:59 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2014/01/04 10:27:59 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2014/01/04 10:27:59 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2014/01/04 10:27:59 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2014/01/04 10:27:57 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2014/01/04 10:27:57 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2014/01/04 10:27:57 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2014/01/04 10:27:57 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2014/01/04 10:27:57 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2014/01/04 10:27:57 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2014/01/04 10:27:56 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2014/01/04 10:27:56 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2014/01/04 10:27:55 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2014/01/04 10:27:55 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2014/01/04 10:27:54 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2014/01/04 10:27:54 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2014/01/04 10:27:54 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2014/01/04 10:27:54 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2014/01/04 10:27:54 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2014/01/04 10:27:54 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2014/01/04 10:27:53 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2014/01/04 10:27:53 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2014/01/04 10:27:52 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2014/01/04 10:27:51 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2014/01/04 10:27:51 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2014/01/04 10:27:51 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2014/01/04 10:27:51 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2014/01/04 10:27:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2014/01/04 10:27:50 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2014/01/04 10:27:50 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2014/01/04 10:27:50 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2014/01/04 10:27:49 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2014/01/04 10:27:49 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2014/01/04 10:27:49 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2014/01/04 10:27:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2014/01/04 10:27:48 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2014/01/04 10:27:48 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2014/01/04 10:27:48 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2014/01/04 10:27:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2014/01/04 10:27:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2014/01/04 10:27:47 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2014/01/04 10:27:47 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2014/01/04 10:27:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2014/01/04 10:27:46 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2014/01/04 10:27:46 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2014/01/04 10:27:46 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2014/01/04 10:27:46 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2014/01/04 10:27:44 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2014/01/04 10:27:44 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013/12/29 11:49:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\NEW MUSIC
[2013/12/29 11:49:25 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\BOOKS
[2013/12/29 10:56:46 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\OLD PC STUFF
[2013/12/13 16:20:57 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Windows
[2013/12/13 16:20:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
[2013/12/13 16:12:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\emaze
[2013/12/13 15:22:18 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\12-18 SHOW RECORD_data
[2013/12/13 13:53:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\GWR forever_data
[2013/12/12 18:08:34 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Star Wars Prequel Trilogy (1999-2005)
[2013/12/12 01:26:06 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/12 01:26:06 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/12 01:26:06 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/12 01:26:04 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/12 01:25:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 01:25:14 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 01:25:14 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 01:25:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 01:25:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 01:25:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 01:25:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 01:25:13 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 01:25:13 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 01:25:13 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 01:25:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 01:25:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 01:25:12 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 01:25:11 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 01:25:11 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 01:25:08 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 22:04:12 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 22:04:11 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 22:04:01 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 22:04:01 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 22:03:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 22:03:39 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 22:03:39 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 22:03:38 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 22:03:38 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 22:03:37 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 22:03:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 22:03:37 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 22:03:37 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/07 11:18:51 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/01/07 11:18:39 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/07 11:18:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/07 11:18:11 | 2120,007,679 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/07 10:54:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/07 10:51:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3206978427-3775841784-1250852860-1000UA.job
[2014/01/07 10:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/07 00:50:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3206978427-3775841784-1250852860-1000Core.job
[2014/01/06 17:04:29 | 000,016,057 | ---- | M] () -- C:\Users\Matt\Desktop\cd2.jpg
[2014/01/06 16:58:49 | 000,211,774 | ---- | M] () -- C:\Users\Matt\Desktop\WINTER 2013 FM Proposal- Malmlund & Jones.pdf
[2014/01/06 16:58:19 | 000,013,851 | ---- | M] () -- C:\Users\Matt\Documents\Witching Hour.odt
[2014/01/06 11:58:13 | 001,036,305 | ---- | M] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2014/01/06 10:47:06 | 001,233,962 | ---- | M] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2014/01/05 19:20:03 | 000,021,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/05 19:20:03 | 000,021,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/05 19:09:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/01/05 15:31:31 | 000,780,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/05 15:31:31 | 000,660,748 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/05 15:31:31 | 000,121,386 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/04 23:38:49 | 000,000,595 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.zip
[2014/01/04 23:38:10 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
[2014/01/04 22:43:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR (1).exe
[2014/01/04 22:34:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/01/04 22:32:41 | 000,987,410 | ---- | M] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2013/12/13 15:37:05 | 000,159,642 | ---- | M] () -- C:\Users\Matt\Desktop\12-18 SHOW RECORD.aup
[2013/12/13 13:53:46 | 000,397,963 | ---- | M] () -- C:\Users\Matt\Desktop\GWR forever.aup
[2013/12/12 05:56:00 | 000,308,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/10 14:51:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 14:51:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014/01/06 17:04:29 | 000,016,057 | ---- | C] () -- C:\Users\Matt\Desktop\cd2.jpg
[2014/01/06 10:47:03 | 001,233,962 | ---- | C] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2014/01/05 16:24:44 | 000,013,851 | ---- | C] () -- C:\Users\Matt\Documents\Witching Hour.odt
[2014/01/05 15:13:29 | 000,211,774 | ---- | C] () -- C:\Users\Matt\Desktop\WINTER 2013 FM Proposal- Malmlund & Jones.pdf
[2014/01/04 23:38:49 | 000,000,595 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.zip
[2014/01/04 23:38:10 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
[2014/01/04 22:32:39 | 000,987,410 | ---- | C] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2013/12/13 16:12:29 | 000,001,232 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/12/13 15:22:18 | 000,159,642 | ---- | C] () -- C:\Users\Matt\Desktop\12-18 SHOW RECORD.aup
[2013/12/13 13:53:46 | 000,397,963 | ---- | C] () -- C:\Users\Matt\Desktop\GWR forever.aup
[2013/11/30 15:48:44 | 000,007,104 | ---- | C] () -- C:\Users\Matt\AppData\Local\recently-used.xbel
[2013/08/03 11:02:36 | 000,000,477 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/07/31 22:28:58 | 000,773,878 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/02 11:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/27 11:55:55 | 000,281,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/05/27 11:55:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/05/07 20:35:54 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/04/22 11:43:47 | 000,000,600 | ---- | C] () -- C:\Users\Matt\AppData\Local\PUTTY.RND
[2013/03/28 18:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 18:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/03/28 17:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/03/28 17:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 00:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/17 08:33:06 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/02/17 08:33:06 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/02/17 08:24:48 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/17 07:32:04 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
 
Fresh OTL:
 

# AdwCleaner v3.016 - Report created 07/01/2014 at 11:16:33
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Matt - LACOMPUTADORA
# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v21.0 (en-US)
 
[ File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zk01b52b.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [8644 octets] - [06/01/2014 10:47:37]
AdwCleaner[R1].txt - [1121 octets] - [07/01/2014 11:13:10]
AdwCleaner[S0].txt - [8747 octets] - [06/01/2014 11:52:17]
AdwCleaner[S1].txt - [973 octets] - [07/01/2014 11:16:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1032 octets] ##########


#12 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 07 January 2014 - 08:51 PM

Hi sirscrambles,

Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\BAC_PAC.js
    
    :Commands
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================

In your next post please provide the following:
  • OTL fix log
  • Any remaining issues?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#13 sirscrambles

sirscrambles

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 07 January 2014 - 09:48 PM

OTL fix log:
 
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Matt
->Temp folder emptied: 341861032 bytes
->Temporary Internet Files folder emptied: 201356757 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 128741089 bytes
->Google Chrome cache emptied: 380664190 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 349527143 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42293829 bytes
RecycleBin emptied: 1091459835 bytes
 
Total Files Cleaned = 2,418.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01072014_194126
 
Files\Folders moved on Reboot...
C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
Still no issues coming up.
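
A check in the spirit of the fix and fix log above, as an added example that is not part of either post or of OTL itself: it scans OTL scan-log text for an AutoConfigURL that loads a PAC script from disk, then confirms that the fix log reports that value as deleted. Only the AutoConfigURL line and the "deleted successfully" line come from this thread; the other sample lines are constructed, and treating a disk-based PAC path as worth flagging is this example's assumption.

```python
import re

# OTL scan-log line, in the form quoted in the fix in this thread:
#   IE - HKCU\<key>: "<value name>" = <data>
SCAN_RE = re.compile(r'^IE - (HKCU|HKLM)\\(.+?): "([^"]+)" = (.*)$')
# OTL fix-log line: Registry value <HIVE>\<key>\\<value name> deleted successfully.
FIX_RE = re.compile(r'^Registry value (HKEY_[A-Z_]+)\\(.+?)\\\\(\S+) deleted successfully\.$')
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}

# Constructed sample: the middle line is the one targeted in this thread,
# the other two are made up for contrast.
SCAN_SAMPLE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = C:\Users\Matt\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\BAC_PAC.js
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.example.invalid/proxy.pac
'''
FIX_SAMPLE = r'''
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
'''

def is_local_pac(data):
    """Heuristic (assumption): the PAC script is read from disk or a share, not http(s)."""
    d = data.strip().lower()
    return d.startswith("file:") or d.startswith("\\\\") or bool(re.match(r"^[a-z]:\\", d))

def proxy_findings(scan_text):
    """Return (hive, key, name, data) for each AutoConfigURL that points at a local file."""
    found = []
    for line in scan_text.splitlines():
        m = SCAN_RE.match(line.strip())
        if m and m.group(3).lower() == "autoconfigurl" and is_local_pac(m.group(4)):
            found.append((HIVES[m.group(1)], m.group(2), m.group(3), m.group(4).strip()))
    return found

def unresolved(scan_text, fix_text):
    """Findings from the scan that the fix log does not report as deleted."""
    deleted = set()
    for line in fix_text.splitlines():
        m = FIX_RE.match(line.strip())
        if m:
            deleted.add((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return [f for f in proxy_findings(scan_text)
            if (f[0], f[1].lower(), f[2].lower()) not in deleted]

if __name__ == "__main__":
    print("flagged:", proxy_findings(SCAN_SAMPLE))
    print("still present after fix:", unresolved(SCAN_SAMPLE, FIX_SAMPLE))
```
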


#14 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 07 January 2014 - 10:02 PM

Hi sirscrambles,

Your log appears to be clean.
We have a few items to take care of before we get to the All Clean Speech.

=========================

Clean up with OTL:
  • Right-click OTL.exe select "Run as Administrator" to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
=========================

Removing/Uninstalling AdwCleaner:
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
=========================

You can now delete any tools and/or logs remaining on your desktop.

=========================

Delete All But the Most Recent Restore Point
  • Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
  • If prompted, select the drive that you want to clean up, and then click OK.
  • In the Disk Cleanup for (drive letter) dialog box, click Clean up system files. Administrator permission required. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • If prompted, select the drive that you want to clean up, and then click OK.
  • Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
  • In the Disk Cleanup dialog box, click Delete.
  • Click Delete Files, and then click OK.
=========================

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
OCD



#15 sirscrambles

sirscrambles

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 08 January 2014 - 12:48 AM

I am indeed satisfied, thanks much! I've made only a modest donation, though I greatly appreciate your service.

