

Keep getting annoying popups


  • This topic is locked
11 replies to this topic

#1 Emac0

Emac0

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:32 AM

Posted 28 August 2013 - 12:36 PM

Did a malware scan, a virus scan, used popup blockers, and am still getting annoying popups. I use Spybot and Malwarebytes.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496  BrowserJavaVersion: 10.25.2
Run by User at 14:14:33 on 2013-08-28
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8191.4957 [GMT -3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\User\AppData\Local\The Weather Network\weathereye.exe
C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Users\Justin\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\Sims3LauncherW.exe
C:\Windows\system32\taskhost.exe
C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3311667&octid=CT3311667&SearchSource=61&CUI=UN65175977611417137&UM=2&UP=SP03EAFEEA-1601-4CCD-BA84-BD3F715C5358
mStart Page = hxxp://www.google.com
uURLSearchHooks: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll
mURLSearchHooks: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll
uRun: [Epson Stylus NX510(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S5CF4.tmp" /EF "HKCU"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WeatherEye] C:\Users\User\AppData\Local\The Weather Network\WeatherEye.exe
uRun: [SearchProtect] C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 24.222.0.94 24.222.0.95
TCP: Interfaces\{25FCE191-1042-4643-9F28-FE1769492F31} : DHCPNameServer = 24.222.0.94 24.222.0.95
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtD0AyDyDyBtAtA0AyCyCtN0D0Tzu0CyCtDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=585048215&ir=
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: WB - C:\Program Files (x86)\Stardock\MyColors\fast64.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\um5hbryq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304783&CUI=UN55419922525994162&UM=2&SearchSource=3&q={searchTerms}
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-25 22:24; 05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\um5hbryq.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
FF - ExtSQL: 2013-08-27 05:13; {9ed31f84-c8b3-4926-b950-dff74047ff79}; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\um5hbryq.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-15 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-15 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-6-15 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-6-15 378944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-16 283200]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-6-15 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-6-15 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-15 46808]
R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-5-8 97056]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-31 14984480]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-6-15 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-8-27 32000]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-7-31 39712]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2013-7-10 137400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-8-18 49152]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-15 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-15 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-15 1255736]
.
=============== Created Last 30 ================
.
2013-08-27 18:31:09    --------    d-----w-    C:\Users\User\AppData\Local\SIX Updater
2013-08-27 18:24:58    --------    d-----w-    C:\Users\User\AppData\Roaming\Play withSIX
2013-08-27 18:24:58    --------    d-----w-    C:\Users\User\AppData\Local\Play withSIX
2013-08-27 18:24:58    --------    d-----w-    C:\Users\User\AppData\Local\IsolatedStorage
2013-08-27 18:24:44    --------    d-----w-    C:\Program Files (x86)\SIX Networks
2013-08-27 18:24:06    --------    d-----w-    C:\Users\User\AppData\Local\Downloaded Installations
2013-08-27 12:52:08    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{79415DFF-30B2-4825-8DD6-AC2926A1431D}\offreg.dll
2013-08-27 08:22:24    32000    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2013-08-27 08:14:26    --------    d-----w-    C:\ProgramData\HitmanPro
2013-08-27 08:14:11    --------    d-----w-    C:\Users\User\AppData\Local\Conduit
2013-08-27 08:14:11    --------    d-----w-    C:\Program Files (x86)\KeyBar_1.8
2013-08-27 08:14:02    --------    d-----w-    C:\Users\User\AppData\Local\CRE
2013-08-27 08:14:01    --------    d-----w-    C:\Program Files (x86)\Conduit
2013-08-27 08:13:46    --------    d-----w-    C:\Program Files (x86)\SearchProtect
2013-08-27 08:13:33    --------    d-----w-    C:\Users\User\AppData\Roaming\SearchProtect
2013-08-27 07:50:45    --------    d-----w-    C:\AdwCleaner
2013-08-26 17:02:05    --------    d-----w-    C:\ProgramData\Licenses
2013-08-26 17:02:01    129872    ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL
2013-08-26 17:02:01    1070352    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2013-08-26 17:02:00    --------    d-----w-    C:\Program Files (x86)\SpywareBlaster
2013-08-26 01:24:41    --------    d-----w-    C:\Program Files (x86)\hosts
2013-08-18 23:20:39    --------    d-----w-    C:\Program Files (x86)\Common Files\BattlEye
2013-08-18 23:02:39    --------    d-----w-    C:\Users\User\AppData\Local\DayZCommander
2013-08-18 23:02:30    --------    d-----w-    C:\Program Files (x86)\Dotjosh Studios
2013-08-18 20:27:11    --------    d-----w-    C:\Users\User\AppData\Local\ArmA 2
2013-08-18 16:45:33    --------    d-sh--w-    C:\ProgramData\DSS
2013-08-18 16:22:02    2601752    ----a-w-    C:\Windows\SysWow64\pbsvc_moh.exe
2013-08-18 01:43:21    --------    d-----w-    C:\Users\User\AppData\Local\ArmA 2 OA
2013-08-18 01:43:21    --------    d-----w-    C:\ProgramData\Bohemia Interactive Studio
2013-08-18 01:43:18    --------    d-----w-    C:\Program Files (x86)\Bohemia Interactive
2013-08-18 00:02:53    290184    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2013-08-18 00:02:01    --------    d-----w-    C:\Program Files (x86)\Battlelog Web Plugins
2013-08-17 23:56:28    --------    d-----w-    C:\ProgramData\EA Core
2013-08-17 23:56:27    --------    d-----w-    C:\ProgramData\EA Logs
2013-08-17 23:52:59    --------    d--h--w-    C:\Program Files (x86)\Common Files\EAInstaller
2013-08-17 23:52:24    290184    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-08-17 23:52:24    280904    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-08-17 23:52:22    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-08-17 20:29:10    --------    d-----w-    C:\Program Files (x86)\Origin Games
2013-08-17 20:25:50    --------    d-----w-    C:\ProgramData\Origin
2013-08-17 20:25:50    --------    d-----w-    C:\ProgramData\Electronic Arts
2013-08-17 20:25:27    --------    d-----w-    C:\Program Files (x86)\Origin
2013-08-09 02:58:44    --------    d-----w-    C:\Windows\SysWow64\Adobe
2013-07-31 13:47:26    --------    d-----w-    C:\NvidiaLogging
2013-07-31 13:45:43    39712    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-07-31 13:45:43    29984    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-07-31 13:45:43    28448    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-07-30 06:40:09    20268032    ----a-w-    C:\Windows\System32\imageres.dll
2013-07-30 06:38:43    53904    ----a-w-    C:\Windows\System32\wbload.dll
2013-07-30 06:38:40    --------    d-----w-    C:\Program Files (x86)\Common Files\Stardock
2013-07-30 06:38:37    --------    dc-h--w-    C:\ProgramData\{7F2BC0E2-0100-4D40-97C5-06B288973263}
2013-07-30 06:38:36    --------    d-----w-    C:\Program Files (x86)\Stardock
2013-07-30 06:38:15    26766400    ----a-w-    C:\Users\User\mycolors_setup_dell_preload_03-16-2011.exe
.
==================== Find3M  ====================
.
2013-08-05 07:59:04    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-05 07:59:04    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-25 03:38:26    296448    ----a-w-    C:\Windows\SysWow64\rzaudiodll.dll
2013-07-16 02:10:24    57344    ----a-w-    C:\Windows\SysWow64\rzdevinfo.dll
2013-07-16 02:10:22    154112    ----a-w-    C:\Windows\SysWow64\rztouchdll.dll
2013-07-16 02:10:16    117248    ----a-w-    C:\Windows\SysWow64\rzdisplaydll.dll
2013-07-16 02:10:14    772608    ----a-w-    C:\Windows\SysWow64\rzdevicedll.dll
2013-07-10 06:29:32    137400    ----a-w-    C:\Windows\System32\drivers\rzudd.sys
2013-07-05 11:45:04    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-05 11:45:03    972712    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-07-05 11:45:03    1093032    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-07-04 18:13:13    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-04 18:13:12    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-04 18:13:12    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-27 19:57:26    189936    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-06-27 19:57:26    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-06-21 10:23:16    6496544    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-06-21 10:23:16    3514656    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-06-21 10:23:11    884512    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-06-21 10:23:10    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-06-21 10:23:10    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-06-21 08:16:02    566048    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-06-16 18:13:22    283200    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-06-16 16:50:11    178800    ----a-w-    C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 14:15:20.07 ===============
 

 

 

 

 

Attached Files
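As an added triage example (not part of this thread and not a feature of DDS, JRT or FRST), the following Python script walks DDS "Pseudo HJT Report" lines like those in the log above and flags the two things a helper reads first: entries that reference the Conduit, SearchProtect, KeyBar, TopArcadeHits and MySearchDial adware families, and mPolicies-System values of 0 that leave UAC disabled. The marker list is illustrative rather than an exhaustive signature set, and the sample report is constructed from a subset of the log's own lines with the long query strings shortened.

```python
"""Triage helper for DDS "Pseudo HJT Report" lines.

Added example, not a DDS/JRT/FRST feature: flags adware references and
weakened UAC policy values in the report section of a DDS log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Adware / PUP family names seen in the thread's log. Assumption: an
# illustrative list, not an exhaustive signature set.
PUP_MARKERS = ("conduit", "searchprotect", "keybar", "toparcadehits", "mysearchdial")

# mPolicies-System values that weaken UAC when set to 0 (DDS prints the
# dword in decimal). The text is the reason reported for each hit.
WEAK_UAC = {
    "EnableLUA": "UAC is switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}

POLICY_RE = re.compile(
    r"^(?:x64-)?[um]Policies-System:\s*(?P<name>\w+)\s*=\s*dword:(?P<val>\d+)$"
)


@dataclass
class Finding:
    category: str   # "pup" (adware reference) or "uac" (weakened UAC policy)
    entry: str      # DDS entry type, e.g. "uRun", "BHO", "mPolicies-System"
    line: str       # the report line that triggered the finding
    reason: str


def entry_type(line: str) -> str:
    """Return the DDS entry type: text before the first ':' or, for
    'Name = value' lines such as 'uStart Page = ...', before ' = '."""
    colon = line.find(":")
    eq = line.find(" = ")
    if eq != -1 and (colon == -1 or eq < colon):
        return line[:eq].strip()
    return line[:colon].strip() if colon != -1 else line


def match_pup(line: str) -> Optional[str]:
    """Return the first adware marker that appears in the line, else None."""
    low = line.lower()
    for marker in PUP_MARKERS:
        if marker in low:
            return marker
    return None


def match_weak_uac(line: str) -> Optional[str]:
    """Return a reason string if the line is a UAC policy set to 0, else None."""
    m = POLICY_RE.match(line)
    if not m:
        return None
    name, value = m.group("name"), int(m.group("val"))
    if name in WEAK_UAC and value == 0:
        return WEAK_UAC[name]
    return None


def triage(report: str) -> List[Finding]:
    """Scan report lines; skip DDS separators ('.') and INFO chatter."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == "." or line.startswith(("INFO:", "If you wish")):
            continue
        marker = match_pup(line)
        if marker:
            findings.append(Finding("pup", entry_type(line), line,
                                    f"references adware family '{marker}'"))
        reason = match_weak_uac(line)
        if reason:
            findings.append(Finding("uac", entry_type(line), line, reason))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample: a subset of the Pseudo HJT Report lines from the log
# above, with the long Conduit query strings shortened.
SAMPLE_REPORT = r"""
uStart Page = hxxp://search.conduit.com/?ctid=CT3311667&octid=CT3311667
mStart Page = hxxp://www.google.com
uURLSearchHooks: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll
BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} -
uRun: [SearchProtect] C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: HKCU has more than 50 listed domains.
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.category}] {f.entry}: {f.reason}\n    {f.line}")
    print(summarize(triage(SAMPLE_REPORT)))
```

Run against the sample it reports six adware references and three weakened UAC values; the avast, Java and google.com lines are not flagged.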




 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:32 PM

Posted 01 September 2013 - 11:18 AM

Hi Emac0 and welcome to BC.

Step 1
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2
Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

For 64-bit (x64) systems, download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.
  • Vista/Win7 users should right-click on the icon and select Run as Administrator.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
  • JRT.txt
  • both reports from FRST.

Thanks.



#3 Emac0

Emac0
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:32 AM

Posted 01 September 2013 - 09:42 PM

Thank you for your reply.

The information you requested:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Professional x64
Ran by User on Sun 09/01/2013 at 23:09:11.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotect
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotectall
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3952423544-384150134-1107760195-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322532282}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366536682}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322532282}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366536682}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3282812
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3308759
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3311667
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366536682}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366536682}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5EBEDC61-4846-4B2F-90F4-0C515E064F72}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8C2A44DD-29CD-4ED9-97D0-83A7806F0092}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\hosts"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\um5hbryq.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\um5hbryq.default\extensions\{0113d088-8ed1-468c-b225-585a9c53b5e3}
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\um5hbryq.default\prefs.js

user_pref("CT3304783.smartbar.homepage", "true");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3304783&octid=CT3304783&SearchSource=61&CUI=UN55419922525994162&UM=2&UP=SP03EAFEEA-1601-4CCD-BA84
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("browser.search.defaultthis.engineName", "KeyBar 1.8 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304783&CUI=UN55419922525994162&UM=2&SearchSource=3&q={searchTerms}");
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.internaldb.Resources_resource_remote_1.value", "%22%5Cnfunction%20INCL_ch
user_pref("searchreset.backup.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3304783&octid=CT3304783&SearchSource=61&CUI=UN55419922525994162&UM=2&UP=SP03EAFEEA-
user_pref("searchreset.backup.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304783&SearchSource=2&CUI=UN55419922525994162&UM=2&q=");
user_pref("smartbar.addressBarOwnerCTID", "CT3304783");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3304783&CUI=UN55419922525994162&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3304783&oct
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304783&SearchSource=2&CUI=UN55419922525994162&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3304783");
user_pref("smartbar.homePageOwnerCTID", "CT3304783");
user_pref("smartbar.machineId", "ZM/PG5TKACE+FIQFNTADZGEZRM4PTNYNIGM+UOICPZNMZTUR7B18KI/IWTZR3XTFOHDRWVXCMQELVDU/GRPXIQ");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3304783&CUI=UN55419922525994162&UM=2&SearchSource=13");
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\um5hbryq.default\minidumps [23 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp
Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/01/2013 at 23:27:52.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 02
Ran by User (administrator) on MACCALLUM on 01-09-2013 23:30:56
Running from C:\Users\User\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Pelmorex Media Inc.) C:\Users\User\AppData\Local\The Weather Network\weathereye.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(BitTorrent Inc.) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\system32\LogonUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Thisisu) C:\Users\User\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Epson Stylus NX510(Network)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S5CF4.tmp" /EF "HKCU" [x]
HKCU\...\Run: [WeatherEye] - C:\Users\User\AppData\Local\The Weather Network\WeatherEye.exe [310920 2012-08-30] (Pelmorex Media Inc.)
MountPoints2: {66c7c48f-d611-11e2-8196-00044b0a5572} - E:\Autorun.exe
MountPoints2: {66c7c493-d611-11e2-8196-00044b0a5572} - F:\Autorun.exe
MountPoints2: {e6fd30e7-a5e9-11e2-956a-806e6f6e6963} - D:\OblivionLauncher.exe
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606056 2013-07-23] (Razer Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stardock MyColors.lnk
ShortcutTarget: Stardock MyColors.lnk -> C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe ()
Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtD0AyDyDyBtAtA0AyCyCtN0D0Tzu0CyCtDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=585048215&ir=
URLSearchHook: (No Name) - {9ed31f84-c8b3-4926-b950-dff74047ff79} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtD0AyDyDyBtAtA0AyCyCtN0D0Tzu0CyCtDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=585048215&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtD0AyDyDyBtAtA0AyCyCtN0D0Tzu0CyCtDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=585048215&ir=
SearchScopes: HKLM-x32 - DefaultScope {8C2A44DD-29CD-4ED9-97D0-83A7806F0092} URL =
SearchScopes: HKLM-x32 - {17330F60-95EA-4F59-4650-1B76881EC0F0} URL =
SearchScopes: HKLM-x32 - {5EBEDC61-4846-4B2F-90F4-0C515E064F72 URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtD0AyDyDyBtAtA0AyCyCtN0D0Tzu0CyCtDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=585048215&ir=
SearchScopes: HKCU - DefaultScope {8C2A44DD-29CD-4ED9-97D0-83A7806F0092} URL =
SearchScopes: HKCU - {5EBEDC61-4846-4B2F-90F4-0C515E064F72 URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtD0AyDyDyBtAtA0AyCyCtN0D0Tzu0CyCtDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=585048215&ir=
SearchScopes: HKCU - {6C5A2BBF-F4A2-E4D0-F045-115EFC0D4284} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: KeyBar 1.8 Toolbar - {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll (Conduit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - KeyBar 1.8 Toolbar - {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll (Conduit Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.222.0.94 24.222.0.95

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\um5hbryq.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\um5hbryq.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
FF Extension: KeyBar 1.8  - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\um5hbryq.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3311667&SearchSource=48&CUI=UN11937230711132730&UM=2
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3311667&SearchSource=48&CUI=UN11937230711132730&UM=2"
CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN11937230711132730&ctid=CT3311667&UM=2
CHR DefaultSuggestURL: (Conduit) - http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN11937230711132730&UM=2
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (KeyBar 1.8) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bieggkdbhfmhhgllongmgdegafngmmne\10.16.100.4_0
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bieggkdbhfmhhgllongmgdegafngmmne] - C:\Users\User\AppData\Local\CRE\bieggkdbhfmhhgllongmgdegafngmmne.crx
CHR HKLM-x32\...\Chrome\Extension: [eiebcgmnpbbifoagcaobgelgnijgpaog] - C:\Users\User\AppData\Local\CRE\eiebcgmnpbbifoagcaobgelgnijgpaog.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-08-18] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-18] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-16] (DT Soft Ltd)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-08-27] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 23:30 - 2013-09-01 23:30 - 00000000 ____D C:\FRST
2013-09-01 23:27 - 2013-09-01 23:27 - 00008286 _____ C:\Users\User\Desktop\JRT.txt
2013-09-01 23:22 - 2013-09-01 23:22 - 00000000 ____D C:\Users\User\AppData\Roaming\SearchProtect
2013-09-01 23:09 - 2013-09-01 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 23:08 - 2013-09-01 23:08 - 01028757 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2013-08-29 12:46 - 2013-08-29 12:46 - 00000000 ____D C:\Windows\LastGood
2013-08-29 12:46 - 2013-08-20 10:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-08-29 12:46 - 2013-08-20 10:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-08-28 14:15 - 2013-08-28 14:15 - 00021818 _____ C:\Users\User\Desktop\dds.txt
2013-08-28 14:15 - 2013-08-28 14:15 - 00006540 _____ C:\Users\User\Desktop\attach.txt
2013-08-28 14:12 - 2013-08-28 14:12 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2013-08-28 03:41 - 2013-08-28 03:42 - 00000000 ____D C:\Program Files\HijackThis
2013-08-28 03:41 - 2013-08-28 03:41 - 00251392 _____ C:\Users\User\Downloads\hijackthis_sfx.exe
2013-08-27 15:31 - 2013-08-27 15:31 - 00000000 ____D C:\Users\User\AppData\Local\SIX Updater
2013-08-27 15:24 - 2013-08-27 15:31 - 00000000 ____D C:\Users\User\AppData\Local\Play withSIX
2013-08-27 15:24 - 2013-08-27 15:25 - 00000000 ____D C:\Users\User\AppData\Roaming\Play withSIX
2013-08-27 15:24 - 2013-08-27 15:24 - 00000000 ____D C:\Users\User\AppData\Local\IsolatedStorage
2013-08-27 15:24 - 2013-08-27 15:24 - 00000000 ____D C:\Users\User\AppData\Local\Downloaded Installations
2013-08-27 15:24 - 2013-08-27 15:24 - 00000000 ____D C:\Program Files (x86)\SIX Networks
2013-08-27 15:22 - 2013-08-27 15:22 - 12161296 _____ (SIX Networks) C:\Users\User\Downloads\Play withSIX setup.exe
2013-08-27 11:40 - 2013-08-27 11:40 - 00000000 ____D C:\Users\Justin\AppData\Roaming\SearchProtect
2013-08-27 05:22 - 2013-08-27 05:22 - 519981052 _____ C:\Windows\MEMORY.DMP
2013-08-27 05:22 - 2013-08-27 05:22 - 00290680 _____ C:\Windows\Minidump\082713-27050-01.dmp
2013-08-27 05:22 - 2013-08-27 05:22 - 00032000 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-08-27 05:22 - 2013-08-27 05:22 - 00000000 ____D C:\Windows\Minidump
2013-08-27 05:20 - 2013-08-27 05:20 - 00000738 _____ C:\Windows\system32\.crusader
2013-08-27 05:14 - 2013-08-27 05:21 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-27 05:14 - 2013-08-27 05:14 - 00000000 ____D C:\Program Files (x86)\KeyBar_1.8
2013-08-27 05:12 - 2013-08-27 05:12 - 01066648 _____ (InstallManager) C:\Users\User\Downloads\setup.exe
2013-08-27 04:50 - 2013-08-27 04:52 - 00000000 ____D C:\AdwCleaner
2013-08-27 04:50 - 2013-08-27 04:50 - 00994642 _____ C:\Users\User\Downloads\adwcleaner.exe
2013-08-26 14:02 - 2013-08-29 16:06 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-08-26 14:02 - 2013-08-26 14:02 - 00000000 ____D C:\ProgramData\Licenses
2013-08-26 14:02 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-08-26 14:02 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2013-08-26 14:01 - 2013-08-26 14:01 - 04095448 _____ (BrightFort LLC                                              ) C:\Users\User\Downloads\spywareblastersetup50.exe
2013-08-26 11:06 - 2013-08-26 11:07 - 00584600 _____ C:\Users\User\Downloads\cbsidlm-tr1_14-AdwCleaner-ORG-75851221(1).exe
2013-08-26 10:40 - 2013-08-26 10:40 - 00584600 _____ C:\Users\User\Downloads\cbsidlm-tr1_14-AdwCleaner-ORG-75851221.exe
2013-08-20 09:08 - 2013-08-20 09:08 - 00001354 _____ C:\Users\User\Desktop\DayZ Commander.lnk
2013-08-18 20:02 - 2013-08-18 20:02 - 00000000 ____D C:\Users\User\AppData\Local\DayZCommander
2013-08-18 20:02 - 2013-08-18 20:02 - 00000000 ____D C:\Program Files (x86)\Dotjosh Studios
2013-08-18 20:01 - 2013-08-18 20:02 - 02945024 _____ C:\Users\User\Downloads\Dotjosh.DayZCommander.Installer.msi
2013-08-18 17:27 - 2013-08-27 15:28 - 00000000 ____D C:\Users\User\Documents\ArmA 2
2013-08-18 17:27 - 2013-08-18 17:27 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2
2013-08-18 15:28 - 2013-08-18 15:30 - 00000000 ____D C:\Users\Justin\Documents\NFS Carbon
2013-08-18 13:45 - 2013-08-18 13:45 - 00000000 __SHD C:\ProgramData\DSS
2013-08-18 13:22 - 2010-09-16 00:13 - 02601752 _____ C:\Windows\SysWOW64\pbsvc_moh.exe
2013-08-17 22:43 - 2013-08-29 17:23 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2 OA
2013-08-17 22:43 - 2013-08-18 17:27 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2013-08-17 22:43 - 2013-08-17 22:43 - 00000000 ____D C:\Users\User\Documents\BIS Core Engine
2013-08-17 22:43 - 2013-08-17 22:43 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2013-08-17 22:43 - 2013-08-17 22:43 - 00000000 ____D C:\Program Files (x86)\Bohemia Interactive
2013-08-17 22:39 - 2013-08-17 22:39 - 00000222 _____ C:\Users\User\Desktop\Arma 2 Operation Arrowhead Beta.url
2013-08-17 22:39 - 2013-08-17 22:39 - 00000221 _____ C:\Users\User\Desktop\Arma 2.url
2013-08-17 22:39 - 2013-08-17 22:39 - 00000221 _____ C:\Users\User\Desktop\Arma 2 Operation Arrowhead.url
2013-08-17 22:18 - 2013-08-17 22:18 - 00002942 _____ C:\Windows\System32\Tasks\{D425F2CC-6C81-42FF-B006-0929E2BAEB29}
2013-08-17 22:17 - 2013-08-17 22:17 - 00002942 _____ C:\Windows\System32\Tasks\{E75144C5-17B0-435B-84CE-C8CFAA0AACD6}
2013-08-17 21:47 - 2013-08-17 21:47 - 00000000 ____D C:\Users\Justin\AppData\Local\Criterion Games
2013-08-17 21:46 - 2013-08-17 21:46 - 00000000 __RHD C:\Users\Justin\AppData\Roaming\SecuROM
2013-08-17 21:02 - 2013-08-29 08:50 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-08-17 21:02 - 2013-08-26 19:02 - 00000000 ____D C:\Users\Justin\AppData\Local\PunkBuster
2013-08-17 21:02 - 2013-08-17 21:03 - 00000000 ____D C:\Users\Justin\Documents\Battlefield 3
2013-08-17 21:02 - 2013-08-17 21:02 - 00000000 ____D C:\Users\Justin\AppData\Local\ESN
2013-08-17 21:02 - 2013-08-17 21:02 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-08-17 21:01 - 2013-08-17 21:01 - 03820480 _____ C:\Users\Justin\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-08-17 20:56 - 2013-08-17 20:56 - 00000000 ____D C:\ProgramData\EA Core
2013-08-17 20:52 - 2013-08-29 08:50 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-08-17 20:52 - 2013-08-29 08:50 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-08-17 20:52 - 2013-08-18 08:54 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-17 20:51 - 2013-08-19 18:44 - 00309917 _____ C:\Windows\DirectX.log
2013-08-17 17:29 - 2013-08-22 18:04 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-08-17 17:28 - 2013-08-18 08:44 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Origin
2013-08-17 17:28 - 2013-08-17 20:55 - 00000000 ____D C:\Users\Justin\AppData\Local\Origin
2013-08-17 17:25 - 2013-08-27 11:40 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-17 17:25 - 2013-08-24 13:07 - 00000000 ____D C:\ProgramData\Origin
2013-08-17 17:25 - 2013-08-17 20:56 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-17 17:24 - 2013-08-17 17:24 - 16949128 _____ (Electronic Arts, Inc.) C:\Users\Justin\Downloads\OriginThinSetup.exe
2013-08-16 23:51 - 2013-08-17 09:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 04:12 - 2013-08-16 04:30 - 00327680 _____ C:\Windows\system32\Ikeext.etl
2013-08-12 19:25 - 2013-08-12 19:25 - 00000000 ____D C:\Users\Justin\AppData\Roaming\OpenOffice.org
2013-08-12 17:19 - 2013-08-12 17:19 - 00000042 _____ C:\Windows\.wb4
2013-08-12 13:46 - 2013-08-12 13:46 - 00002570 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online.lnk
2013-08-12 13:46 - 2013-08-12 13:46 - 00002540 _____ C:\Users\User\Desktop\DC Universe Online.lnk
2013-08-12 13:45 - 2013-08-12 13:45 - 21652616 _____ C:\Users\User\Downloads\DCUO_setup.exe
2013-08-12 13:45 - 2013-08-12 13:45 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-08-08 23:58 - 2013-09-01 09:46 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-08-08 14:51 - 2013-08-08 14:51 - 03371066 _____ C:\Users\User\Downloads\LotsOMobs.jar
2013-08-03 15:00 - 2013-08-03 15:00 - 00196080 _____ C:\Users\User\Desktop\Minecraft(1).rar

==================== One Month Modified Files and Folders =======

2013-09-01 23:30 - 2013-09-01 23:30 - 01951952 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2013-09-01 23:30 - 2013-09-01 23:30 - 00000000 ____D C:\FRST
2013-09-01 23:29 - 2013-06-15 23:39 - 00000000 ____D C:\Users\Justin\AppData\Roaming\uTorrent
2013-09-01 23:27 - 2013-09-01 23:27 - 00008286 _____ C:\Users\User\Desktop\JRT.txt
2013-09-01 23:22 - 2013-09-01 23:22 - 00000000 ____D C:\Users\User\AppData\Roaming\SearchProtect
2013-09-01 23:11 - 2013-06-15 11:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-01 23:09 - 2013-09-01 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 23:08 - 2013-09-01 23:08 - 01028757 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2013-09-01 23:04 - 2013-06-15 12:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-01 21:47 - 2013-06-10 02:25 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-01 21:47 - 2013-04-15 01:26 - 01491213 _____ C:\Windows\WindowsUpdate.log
2013-09-01 20:04 - 2013-06-15 11:50 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-01 10:11 - 2013-06-15 11:50 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-01 09:46 - 2013-08-08 23:58 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-09-01 07:55 - 2013-06-15 23:07 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Skype
2013-08-31 22:59 - 2009-07-14 02:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 22:56 - 2013-07-31 10:45 - 00007750 _____ C:\Windows\setupact.log
2013-08-29 17:23 - 2013-08-17 22:43 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2 OA
2013-08-29 17:12 - 2013-06-15 20:45 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2013-08-29 16:06 - 2013-08-26 14:02 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-08-29 15:58 - 2009-07-14 01:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 15:58 - 2009-07-14 01:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 12:47 - 2013-06-10 02:25 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-29 12:46 - 2013-08-29 12:46 - 00000000 ____D C:\Windows\LastGood
2013-08-29 09:21 - 2013-07-22 09:59 - 00000000 ____D C:\Users\Justin\AppData\Roaming\vlc
2013-08-29 08:50 - 2013-08-17 21:02 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-08-29 08:50 - 2013-08-17 20:52 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-08-29 08:50 - 2013-08-17 20:52 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-08-28 14:15 - 2013-08-28 14:15 - 00021818 _____ C:\Users\User\Desktop\dds.txt
2013-08-28 14:15 - 2013-08-28 14:15 - 00006540 _____ C:\Users\User\Desktop\attach.txt
2013-08-28 14:12 - 2013-08-28 14:12 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2013-08-28 03:56 - 2013-06-17 00:03 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2013-08-28 03:42 - 2013-08-28 03:41 - 00000000 ____D C:\Program Files\HijackThis
2013-08-28 03:41 - 2013-08-28 03:41 - 00251392 _____ C:\Users\User\Downloads\hijackthis_sfx.exe
2013-08-27 17:30 - 2013-06-16 13:34 - 00000000 ____D C:\Users\Justin\Documents\EA Games
2013-08-27 15:31 - 2013-08-27 15:31 - 00000000 ____D C:\Users\User\AppData\Local\SIX Updater
2013-08-27 15:31 - 2013-08-27 15:24 - 00000000 ____D C:\Users\User\AppData\Local\Play withSIX
2013-08-27 15:28 - 2013-08-18 17:27 - 00000000 ____D C:\Users\User\Documents\ArmA 2
2013-08-27 15:25 - 2013-08-27 15:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Play withSIX
2013-08-27 15:24 - 2013-08-27 15:24 - 00000000 ____D C:\Users\User\AppData\Local\IsolatedStorage
2013-08-27 15:24 - 2013-08-27 15:24 - 00000000 ____D C:\Users\User\AppData\Local\Downloaded Installations
2013-08-27 15:24 - 2013-08-27 15:24 - 00000000 ____D C:\Program Files (x86)\SIX Networks
2013-08-27 15:22 - 2013-08-27 15:22 - 12161296 _____ (SIX Networks) C:\Users\User\Downloads\Play withSIX setup.exe
2013-08-27 11:40 - 2013-08-27 11:40 - 00000000 ____D C:\Users\Justin\AppData\Roaming\SearchProtect
2013-08-27 11:40 - 2013-08-17 17:25 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-27 05:22 - 2013-08-27 05:22 - 519981052 _____ C:\Windows\MEMORY.DMP
2013-08-27 05:22 - 2013-08-27 05:22 - 00290680 _____ C:\Windows\Minidump\082713-27050-01.dmp
2013-08-27 05:22 - 2013-08-27 05:22 - 00032000 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-08-27 05:22 - 2013-08-27 05:22 - 00000000 ____D C:\Windows\Minidump
2013-08-27 05:22 - 2013-07-31 13:43 - 00097584 _____ C:\Windows\PFRO.log
2013-08-27 05:22 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 05:21 - 2013-08-27 05:14 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-27 05:20 - 2013-08-27 05:20 - 00000738 _____ C:\Windows\system32\.crusader
2013-08-27 05:14 - 2013-08-27 05:14 - 00000000 ____D C:\Program Files (x86)\KeyBar_1.8
2013-08-27 05:12 - 2013-08-27 05:12 - 01066648 _____ (InstallManager) C:\Users\User\Downloads\setup.exe
2013-08-27 04:52 - 2013-08-27 04:50 - 00000000 ____D C:\AdwCleaner
2013-08-27 04:50 - 2013-08-27 04:50 - 00994642 _____ C:\Users\User\Downloads\adwcleaner.exe
2013-08-27 04:39 - 2013-07-03 16:53 - 00000000 ____D C:\Users\Justin\AppData\Local\Conduit
2013-08-26 19:02 - 2013-08-17 21:02 - 00000000 ____D C:\Users\Justin\AppData\Local\PunkBuster
2013-08-26 14:02 - 2013-08-26 14:02 - 00000000 ____D C:\ProgramData\Licenses
2013-08-26 14:01 - 2013-08-26 14:01 - 04095448 _____ (BrightFort LLC                                              ) C:\Users\User\Downloads\spywareblastersetup50.exe
2013-08-26 12:30 - 2013-06-26 23:45 - 00002811 _____ C:\Windows\wininit.ini
2013-08-26 12:30 - 2013-04-15 01:26 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-26 12:15 - 2009-07-13 23:34 - 00450636 ____R C:\Windows\system32\Drivers\etc\hosts.20130829-160031.backup
2013-08-26 12:13 - 2013-06-15 12:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-26 11:07 - 2013-08-26 11:06 - 00584600 _____ C:\Users\User\Downloads\cbsidlm-tr1_14-AdwCleaner-ORG-75851221(1).exe
2013-08-26 10:41 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\Resources
2013-08-26 10:40 - 2013-08-26 10:40 - 00584600 _____ C:\Users\User\Downloads\cbsidlm-tr1_14-AdwCleaner-ORG-75851221.exe
2013-08-26 01:41 - 2013-06-29 21:55 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2013-08-24 13:07 - 2013-08-17 17:25 - 00000000 ____D C:\ProgramData\Origin
2013-08-23 22:05 - 2013-06-15 20:17 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-22 18:04 - 2013-08-17 17:29 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-08-20 10:33 - 2013-08-29 12:46 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-08-20 10:32 - 2013-08-29 12:46 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-08-20 10:32 - 2013-07-31 10:45 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-08-20 09:08 - 2013-08-20 09:08 - 00001354 _____ C:\Users\User\Desktop\DayZ Commander.lnk
2013-08-19 19:18 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-08-19 19:04 - 2013-06-23 18:30 - 00000000 ____D C:\Users\Justin\Desktop\Games
2013-08-19 18:44 - 2013-08-17 20:51 - 00309917 _____ C:\Windows\DirectX.log
2013-08-19 16:57 - 2013-07-31 13:40 - 00115796 _____ C:\Windows\DPINST.LOG
2013-08-19 16:56 - 2013-06-17 14:23 - 00000000 ____D C:\Users\User\AppData\Roaming\Epson
2013-08-18 20:02 - 2013-08-18 20:02 - 00000000 ____D C:\Users\User\AppData\Local\DayZCommander
2013-08-18 20:02 - 2013-08-18 20:02 - 00000000 ____D C:\Program Files (x86)\Dotjosh Studios
2013-08-18 20:02 - 2013-08-18 20:01 - 02945024 _____ C:\Users\User\Downloads\Dotjosh.DayZCommander.Installer.msi
2013-08-18 17:27 - 2013-08-18 17:27 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2
2013-08-18 17:27 - 2013-08-17 22:43 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2013-08-18 15:30 - 2013-08-18 15:28 - 00000000 ____D C:\Users\Justin\Documents\NFS Carbon
2013-08-18 13:45 - 2013-08-18 13:45 - 00000000 __SHD C:\ProgramData\DSS
2013-08-18 11:18 - 2013-06-15 22:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-18 08:54 - 2013-08-17 20:52 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-18 08:44 - 2013-08-17 17:28 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Origin
2013-08-17 22:43 - 2013-08-17 22:43 - 00000000 ____D C:\Users\User\Documents\BIS Core Engine
2013-08-17 22:43 - 2013-08-17 22:43 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2013-08-17 22:43 - 2013-08-17 22:43 - 00000000 ____D C:\Program Files (x86)\Bohemia Interactive
2013-08-17 22:39 - 2013-08-17 22:39 - 00000222 _____ C:\Users\User\Desktop\Arma 2 Operation Arrowhead Beta.url
2013-08-17 22:39 - 2013-08-17 22:39 - 00000221 _____ C:\Users\User\Desktop\Arma 2.url
2013-08-17 22:39 - 2013-08-17 22:39 - 00000221 _____ C:\Users\User\Desktop\Arma 2 Operation Arrowhead.url
2013-08-17 22:29 - 2013-06-15 11:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 22:18 - 2013-08-17 22:18 - 00002942 _____ C:\Windows\System32\Tasks\{D425F2CC-6C81-42FF-B006-0929E2BAEB29}
2013-08-17 22:17 - 2013-08-17 22:17 - 00002942 _____ C:\Windows\System32\Tasks\{E75144C5-17B0-435B-84CE-C8CFAA0AACD6}
2013-08-17 21:47 - 2013-08-17 21:47 - 00000000 ____D C:\Users\Justin\AppData\Local\Criterion Games
2013-08-17 21:46 - 2013-08-17 21:46 - 00000000 __RHD C:\Users\Justin\AppData\Roaming\SecuROM
2013-08-17 21:03 - 2013-08-17 21:02 - 00000000 ____D C:\Users\Justin\Documents\Battlefield 3
2013-08-17 21:02 - 2013-08-17 21:02 - 00000000 ____D C:\Users\Justin\AppData\Local\ESN
2013-08-17 21:02 - 2013-08-17 21:02 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-08-17 21:01 - 2013-08-17 21:01 - 03820480 _____ C:\Users\Justin\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-08-17 20:56 - 2013-08-17 20:56 - 00000000 ____D C:\ProgramData\EA Core
2013-08-17 20:56 - 2013-08-17 17:25 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-17 20:55 - 2013-08-17 17:28 - 00000000 ____D C:\Users\Justin\AppData\Local\Origin
2013-08-17 17:24 - 2013-08-17 17:24 - 16949128 _____ (Electronic Arts, Inc.) C:\Users\Justin\Downloads\OriginThinSetup.exe
2013-08-17 09:36 - 2013-08-16 23:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 21:32 - 2013-06-15 23:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-16 05:07 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-16 04:30 - 2013-08-16 04:12 - 00327680 _____ C:\Windows\system32\Ikeext.etl
2013-08-16 04:29 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\tracing
2013-08-15 20:05 - 2013-07-07 10:10 - 00000000 ____D C:\Users\Justin\AppData\Local\SKIDROW
2013-08-15 19:25 - 2013-06-15 22:29 - 00000000 ____D C:\Users\Justin\Documents\My Games
2013-08-12 19:25 - 2013-08-12 19:25 - 00000000 ____D C:\Users\Justin\AppData\Roaming\OpenOffice.org
2013-08-12 18:13 - 2013-06-17 14:31 - 00000000 ____D C:\Users\User\Documents\My Games
2013-08-12 18:13 - 2013-06-16 20:19 - 00000000 ____D C:\Users\User\AppData\Local\SCE
2013-08-12 17:19 - 2013-08-12 17:19 - 00000042 _____ C:\Windows\.wb4
2013-08-12 13:46 - 2013-08-12 13:46 - 00002570 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online.lnk
2013-08-12 13:46 - 2013-08-12 13:46 - 00002540 _____ C:\Users\User\Desktop\DC Universe Online.lnk
2013-08-12 13:46 - 2013-06-17 15:43 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-12 13:45 - 2013-08-12 13:45 - 21652616 _____ C:\Users\User\Downloads\DCUO_setup.exe
2013-08-12 13:45 - 2013-08-12 13:45 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-08-08 14:51 - 2013-08-08 14:51 - 03371066 _____ C:\Users\User\Downloads\LotsOMobs.jar
2013-08-08 10:32 - 2013-06-17 20:17 - 00000000 ____D C:\Games
2013-08-07 22:35 - 2013-07-18 13:04 - 00000000 ____D C:\Users\Justin\AppData\Local\PMB Files
2013-08-07 22:35 - 2013-07-18 13:04 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-05 04:59 - 2013-06-15 12:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-05 04:59 - 2013-06-10 02:18 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-05 04:59 - 2013-06-10 02:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-03 15:00 - 2013-08-03 15:00 - 00196080 _____ C:\Users\User\Desktop\Minecraft(1).rar

Files to move or delete:
====================
C:\Users\Justin\jagex_cl_runescape_LIVE.dat
C:\Users\Justin\random.dat
C:\Users\Justin\AppData\Local\Temp\AutoRun.exe
C:\Users\Justin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Justin\AppData\Local\Temp\bitool.dll
C:\Users\Justin\AppData\Local\Temp\eauninstall.exe
C:\Users\Justin\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
C:\Users\Justin\AppData\Local\Temp\nsa1197.exe
C:\Users\Justin\AppData\Local\Temp\nsaE8B3.exe
C:\Users\Justin\AppData\Local\Temp\nsaF756.exe
C:\Users\Justin\AppData\Local\Temp\nsq7720.exe
C:\Users\Justin\AppData\Local\Temp\nsvA2CE.exe
C:\Users\Justin\AppData\Local\Temp\nsvB171.exe
C:\Users\Justin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Justin\AppData\Local\Temp\sonarinst.exe
C:\Users\Justin\AppData\Local\Temp\SPStub.exe
C:\Users\Justin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Justin\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Justin\AppData\Local\Temp\VP6Install.exe
C:\Users\Justin\AppData\Local\Temp\VP6VFW.dll
C:\Users\Justin\AppData\Local\Temp\{A1688028-9D73-475F-B2E4-0521071DFF02}\adobeshockwavextrabundle.exe
C:\Users\Justin\AppData\Local\Temp\ispC421.tmp\_Setup.dll
C:\Users\Justin\AppData\Local\Temp\isp8645.tmp\_Setup.dll
C:\Users\Justin\AppData\Local\Temp\isp43D8.tmp\_Setup.dll
C:\Users\Justin\AppData\Local\Temp\G4WL\dotnetfx3.exe
C:\Users\Justin\AppData\Local\Temp\G4WL\dotnetfx3_x64.exe
C:\Users\Justin\AppData\Local\Temp\G4WL\msiexec.exe
C:\Users\Justin\AppData\Local\Temp\G4WL\vcredist_x86.exe
C:\Users\Justin\AppData\Local\Temp\DXREDIST\DSETUP.dll
C:\Users\Justin\AppData\Local\Temp\DXREDIST\dsetup32.dll
C:\Users\Justin\AppData\Local\Temp\DXREDIST\DXSETUP.exe
C:\Users\Justin\AppData\Local\Temp\ct3282812\chLogic.exe
C:\Users\Justin\AppData\Local\Temp\ct3282812\spch.exe
C:\Users\Justin\AppData\Local\Temp\byeC7F3.tmp\Disk1\setup.exe
C:\Users\Justin\AppData\Local\Temp\AUG2005DXREDIST\DSETUP.dll
C:\Users\Justin\AppData\Local\Temp\AUG2005DXREDIST\dsetup32.dll
C:\Users\Justin\AppData\Local\Temp\AUG2005DXREDIST\DXSETUP.exe
C:\Users\User\mycolors_setup_dell_preload_03-16-2011.exe
C:\Users\User\AppData\Local\Temp\conduitinstaller.exe
C:\Users\User\AppData\Local\Temp\HotShot_installerNewNoStartUp.exe
C:\Users\User\AppData\Local\Temp\nshA98D.exe
C:\Users\User\AppData\Local\Temp\nsnD0FB.exe
C:\Users\User\AppData\Local\Temp\nssC3AF.exe
C:\Users\User\AppData\Local\Temp\nssFD96.exe
C:\Users\User\AppData\Local\Temp\nsx5FDE.exe
C:\Users\User\AppData\Local\Temp\nsxF0E6.exe
C:\Users\User\AppData\Local\Temp\OtshotInstaller7.exe
C:\Users\User\AppData\Local\Temp\setup.exe
C:\Users\User\AppData\Local\Temp\SPStub.exe
C:\Users\User\AppData\Local\Temp\tbSom0.dll
C:\Users\User\AppData\Local\Temp\tbTuva.dll
C:\Users\User\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\User\AppData\Local\Temp\RzUpdater\Ionic.Zip.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\log4net.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\RzCommon.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\RzStorage.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\RzUpdateManager.exe
C:\Users\User\AppData\Local\Temp\RzUpdater\RzUpdateManagerUI.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\zh-CN\RzSynapse.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\zh-CN\RzSynapseLoginUI.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\zh-CN\RzUpdateManager.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\zh-CHT\RzSynapse.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\zh-CHT\RzSynapseLoginUI.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\zh-CHT\RzUpdateManager.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\ru-RU\RzSynapse.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\ru-RU\RzSynapseLoginUI.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\ru-RU\RzUpdateManager.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\pt-BR\RzSynapse.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\pt-BR\RzSynapseLoginUI.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\pt-BR\RzUpdateManager.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\ko-KR\RzSynapse.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\ko-KR\RzSynapseLoginUI.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\ko-KR\RzUpdateManager.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\ja-JP\RzSynapse.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\ja-JP\RzSynapseLoginUI.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\ja-JP\RzUpdateManager.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\fr-FR\RzSynapse.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\fr-FR\RzSynapseLoginUI.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\fr-FR\RzUpdateManager.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\es-ES\RzSynapse.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\es-ES\RzSynapseLoginUI.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\es-ES\RzUpdateManager.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\de-DE\RzSynapse.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\de-DE\RzSynapseLoginUI.resources.dll
C:\Users\User\AppData\Local\Temp\RzUpdater\de-DE\RzUpdateManager.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\setup.exe
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvaudcap32v.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvaudcap64v.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvgenco32.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvgenco64.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVI2.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVI2UI.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVPrxy32.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVPrxy64.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\ReleaseHighlights.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\MS.NET\dotNetFx40_Full_setup.exe
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\MS.NET\MSNetExt.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\detoured.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvFBC.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\NvGfeServiceBridge.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvsteamsupport.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvstreamer.exe
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvstreamsvc.exe
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\protobuf-net.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\rxinput.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\steam_api.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\SteamLauncher\NVIDIA.SteamLauncher.exe
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\detoured.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvFBC.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\NvGfeServiceBridge.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvsteamsupport.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvstreamer.exe
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvstreamsvc.exe
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\rxinput.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\steam_api64.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avcodec-52.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avdevice-52.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avformat-52.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avutil-49.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\Bifrost.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\cudart32_41_0.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\NvStreamCExt.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\nvwinstreamc.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\swscale-0.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\7z.exe
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\DisplayCplExt.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ExtensionLoader.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GalaSoft.MvvmLight.Extras.WPF4.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GalaSoft.MvvmLight.WPF4.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperience.exe
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceControls.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceCore.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceExt.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GridService.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\InstallerService.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\InstallerUIExtension.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\log4net.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.Practices.ServiceLocation.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.WindowsAPICodePack.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.WindowsAPICodePack.Shell.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Settings.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Settings.Properties.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.UpdateService.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Win32Api.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nvtmru.exe
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\oaremote_plugin.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ShadowPlay.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Core.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Interfaces.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Linq.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.PlatformServices.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Providers.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Runtime.Remoting.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Windows.Threading.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Windows.Interactivity.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\zh-CHT\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\zh-CHS\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\tr-TR\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\th-TH\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sv-SE\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sl-SI\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sk-SK\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ru-RU\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pt-PT\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pt-BR\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pl-PL\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nl-NL\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nb-NO\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ko-KR\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ja-JP\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\it-IT\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\hu-HU\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\he-IL\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\fr-FR\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\fi-FI\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\es-MX\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\es-ES\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-US\GFExperience.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-US\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-GB\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\el-GR\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\de-DE\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\da-DK\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\cs-CZ\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ar-AE\GFExperienceControls.resources.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\ComUpdatus.exe
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\daemonu.exe
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\easyDaemonAPIU32.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\easyDaemonAPIU64.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdt32.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdt64.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtr32.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtr64.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtrXP32.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtrXP64.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtXP32.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtXP64.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\UpdateExt.dll
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\WLMerger.exe
C:\Users\User\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Optimus\OptimusExt.dll
C:\Users\User\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\User\AppData\Local\Temp\gw2cache-{EDD914D6-F09F-176E-D514-D9ED9FF06E17}\icudt.dll
C:\Users\User\AppData\Local\Temp\CT3311667\spch.exe
C:\Users\User\AppData\Local\Temp\CT3311667\plugins\TBVerifier.dll
C:\Users\User\AppData\Local\Temp\CT3304783\spff.exe
C:\Users\User\AppData\Local\Temp\ct3286042\chLogic.exe
C:\Users\User\AppData\Local\Temp\ct3286042\ctbe.exe
C:\Users\User\AppData\Local\Temp\ct3286042\ffLogic.exe
C:\Users\User\AppData\Local\Temp\ct3286042\ieLogic.exe
C:\Users\User\AppData\Local\Temp\ct3286042\statisticsStub.exe
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\CbsProvider.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\CompatProvider.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\DismCore.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\DismCorePS.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\DismHost.exe
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\DismProv.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\DmiProvider.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\FolderProvider.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\IntlProvider.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\LogProvider.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\MsiProvider.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\OSProvider.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\SmiProvider.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\TransmogProvider.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\UnattendProvider.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\wdscore.dll
C:\Users\User\AppData\Local\Temp\AD5F3A54-7BE0-41C4-A0EB-42ADEF19FEA0\WimProvider.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 00:51

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-09-2013 02
Ran by User at 2013-09-01 23:31:35
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.3.0.29677)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
Alliance of Valiant Arms (x32)
APB Reloaded (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Arma 2 (x32)
Arma 2: Operation Arrowhead (x32)
Arma 2: Operation Arrowhead Beta (x32)
ASUS MultiFrame (x32 Version: 1.0.22)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
BattlEye for OA Uninstall (x32)
BattlEye Uninstall (x32)
Bonjour (Version: 3.0.0.10)
Burnout™ Paradise: The Ultimate Box (x32 Version: 1.1.0.0)
Combat Arms (x32)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
DayZ Commander (x32 Version: 0.92.90)
DC Universe Online (HKCU Version: 1.0.3.183)
DC Universe Online Live (HKCU)
Dead Space™ (x32 Version: 1.0.222.0)
Dead Space™ 3 (x32 Version: 1.0.0.0)
eaner (Version: 4.04)
Epson Event Manager (x32 Version: 2.30.01)
EPSON NX510 Series Printer Uninstall
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.4j)
EpsonNet Setup (x32 Version: 3.1c)
ESN Sonar (x32 Version: 0.70.4)
Fallout 3 (x32 Version: 1.00.0000)
Fallout Mod Manager 0.13.21 (x32)
GeForce Experience NvStream Client Components (Version: 0.1.87)
Google Chrome (x32 Version: 29.0.1547.62)
Google Update Helper (x32 Version: 1.3.21.153)
Guild Wars (x32)
Guild Wars 2 (x32)
HijackThis 1.99.1 (x32 Version: 1.99.1)
hosts (x32 Version: 1.27.153.7)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
KeyBar 1.8 Toolbar (x32 Version: 6.15.0.27)
League of Legends (x32 Version: 3.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Medal of Honor ™ (x32 Version: 1.0.0.0)
Metro: Last Light © Deep Silver version 1 (x32 Version: 1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mirror's Edge™ (x32 Version: 1.0.1.0)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Need for Speed Underground 2 (x32)
NVIDIA 3D Vision Controller Driver 320.49 (Version: 320.49)
NVIDIA 3D Vision Driver 320.49 (Version: 320.49)
NVIDIA Control Panel 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)
NVIDIA Graphics Driver 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Update 8.3.14 (Version: 8.3.14)
NVIDIA Update Components (Version: 8.3.14)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
Oblivion (x32 Version: 1.00.0000)
Oblivion mod manager 1.1.12 (x32)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Origin (x32 Version: 9.3.1.4482)
Pando Media Booster (x32 Version: 2.6.0.7)
PlanetSide 2 (x32)
Play withSIX (x32 Version: 1.30.0476)
PunkBuster Services (x32 Version: 0.989)
Razer Synapse 2.0 (x32 Version: 1.12.8)
Sanitarium (x32)
SHIELD Streaming (Version: 1.05.28)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.6 (x32 Version: 6.6.106)
Spybot - Search & Destroy (x32 Version: 1.6.2)
SpywareBlaster 5.0 (x32 Version: 5.0.0)
Stardock MyColors (x32 Version: 2.75.00)
Steam (x32 Version: 1.0.0.0)
Sumotori Dreams (x32)
Sumotori Full Version (x32)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.10)
The Sims 2 University (x32)
The Sims™ 2 Deluxe (x32)
The Sims™ 3 (x32 Version: 1.55.4)
The Sims™ 3 High-End Loft Stuff (x32 Version: 3.0.38)
The Sims™ 3 Late Night (x32 Version: 6.5.1)
The Weather Network (HKCU Version: 6.0.2.5)
TopArcadeHits (HKCU)
TSEV Skyrim LE (x32 Version: 2.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VLC media player 2.0.8 (x32 Version: 2.0.8)
War Thunder Launcher 1.0.1.246 (x32)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 5.00 beta 5 (64-bit) (Version: 5.00.5)
World of Warcraft (x32 Version: 5.3.0.17128)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 23:34 - 2013-08-29 16:00 - 00450636 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {0586C8CD-006B-4972-9D60-4F53C5D59966} - System32\Tasks\{D425F2CC-6C81-42FF-B006-0929E2BAEB29} => C:\Program Files (x86)\Steam\Steam.exe [2013-07-26] (Valve Corporation)
Task: {0DA45014-C626-4EEB-B453-AFD349ECD2BD} - \MySearchDial No Task File
Task: {529D09E8-5715-441E-B764-E755D30EDA45} - System32\Tasks\{E75144C5-17B0-435B-84CE-C8CFAA0AACD6} => C:\Program Files (x86)\Steam\Steam.exe [2013-07-26] (Valve Corporation)
Task: {55C19DDA-3469-4AA2-8759-222FF4BCAF9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15] (Google Inc.)
Task: {67E6D58D-E563-4180-B9F4-850C6D99072F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {6CB2E681-0FCB-4DE5-B4B4-766F76D45D07} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7741B968-4AC1-4D8E-B746-6A35C1A6CB1C} - \DealPlyLiveUpdateTaskMachineUA No Task File
Task: {789242B2-ADD7-4990-95A9-23066FB05E95} - \Dealply No Task File
Task: {AA1AB0CE-5A6C-45DB-B09F-6EFF20983559} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-05] (Adobe Systems Incorporated)
Task: {B7B70DDC-2C57-4260-A2A8-8B441D0D9EA8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {C847D4DC-819E-46A7-AC38-DD39EE70CE13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15] (Google Inc.)
Task: {EA8389BD-3A13-4541-901E-60D64F44895D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-15 11:50 - 2013-05-09 05:58 - 00302224 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\snxhk64.dll
2009-07-13 21:22 - 2009-07-13 22:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2009-07-13 18:59 - 2013-06-21 09:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-07-11 18:46 - 2013-05-29 02:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-15 11:50 - 2013-05-09 05:58 - 00136936 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswJsFlt64.dll
2013-06-15 11:50 - 2013-05-09 06:02 - 00208536 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\AavmRpch64.dll
2013-06-15 20:02 - 2013-01-13 16:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Warp.dll
2013-07-11 18:46 - 2013-05-29 02:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-15 12:46 - 2013-06-15 12:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\Dxtrans.dll
2009-07-13 20:41 - 2009-07-13 22:40 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\ddrawex.dll
2013-06-15 12:46 - 2013-06-15 12:46 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\Dxtmsft.dll
2013-06-10 02:25 - 2013-06-21 07:23 - 04528416 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvUI.dll
2013-06-10 02:26 - 2013-08-27 18:16 - 01190688 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\easyDaemonAPIU64.DLL
2013-06-10 02:26 - 2013-08-27 18:16 - 04864800 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll
2013-06-10 02:26 - 2013-08-27 18:16 - 01662240 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\NVUPDTR.DLL
2011-08-30 23:05 - 2011-08-30 23:05 - 00132968 _____ (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll
2013-06-15 11:50 - 2013-05-09 05:58 - 00133840 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\ashShA64.dll
2009-07-13 20:35 - 2009-07-13 22:40 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\FunDisc.dll
2010-11-21 00:24 - 2010-11-21 00:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fdproxy.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8190.54 MB
Available physical RAM: 5979.13 MB
Total Pagefile: 16379.26 MB
Available Pagefile: 13122.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:395.07 GB) NTFS
Drive e: (Need.For.Speed.M) (CDROM) (Total:2.17 GB) (Free:0 GB) CDFS
Drive f: (SIMS3) (CDROM) (Total:2.65 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 648822D0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
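A note on the "Hosts content" section of the Addition.txt above: the dump ends with "There are 1000 more lines.", and that volume of 127.0.0.1 entries is what a blocklist-style immunisation (Spybot's, or an MVPS-style list) looks like, so on its own it is not evidence of compromise. What a reader of such a dump actually wants to know is whether any name is mapped to an address other than loopback (the real hijack pattern), and whether any loopback entry is blocking a site the user needs, since malware uses the same file to cut a machine off from its security vendors. The following Python script is an added example; it is not part of Emac0's post and not code from FRST, Spybot or any other tool in this thread. The vendor-domain list and the sample hosts text inside it are the example's own constructions.

```python
"""Classify entries in a Windows hosts file such as the one FRST dumped above.

Added example, not part of the forum post or of any tool mentioned in it.
Separates:
  block    - name mapped to a loopback or unspecified address (127.x, ::1, 0.0.0.0)
  redirect - name mapped to anything else (traffic is being diverted)
and flags block entries for a small illustrative list of security/update
domains.  SUSPICIOUS_BLOCK_SUFFIXES is this example's own choice.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List

# Illustrative only: domains an infected machine is often cut off from.
SUSPICIOUS_BLOCK_SUFFIXES = (
    "windowsupdate.com",
    "microsoft.com",
    "avast.com",
    "malwarebytes.org",
    "safer-networking.org",
    "bleepingcomputer.com",
)


@dataclass
class HostsEntry:
    line_no: int
    address: str
    hostname: str
    kind: str          # "block" or "redirect"
    suspicious: bool


def classify_address(addr: str) -> str:
    """Return "block" for loopback/unspecified addresses, else "redirect".

    Raises ValueError for tokens that are not IP addresses at all.
    """
    ip = ipaddress.ip_address(addr)
    return "block" if (ip.is_loopback or ip.is_unspecified) else "redirect"


def _matches_suffix(name: str, suffixes) -> bool:
    # Exact match or a true subdomain; "notavast.com" must not match "avast.com".
    return any(name == s or name.endswith("." + s) for s in suffixes)


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text into one HostsEntry per (address, hostname) pair."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        tokens = line.split()                    # tabs or runs of spaces
        try:
            kind = classify_address(tokens[0])
        except ValueError:
            continue                             # malformed line, not an IP
        for name in tokens[1:]:                  # a line may list several names
            host = name.lower().rstrip(".")
            suspicious = (kind == "redirect"
                          or _matches_suffix(host, SUSPICIOUS_BLOCK_SUFFIXES))
            entries.append(HostsEntry(line_no, tokens[0], host, kind, suspicious))
    return entries


def suspicious_entries(text: str) -> List[HostsEntry]:
    return [e for e in parse_hosts(text) if e.suspicious]


def summarize(text: str) -> Dict[str, int]:
    entries = parse_hosts(text)
    return {
        "entries": len(entries),
        "block": sum(e.kind == "block" for e in entries),
        "redirect": sum(e.kind == "redirect" for e in entries),
        "suspicious": sum(e.suspicious for e in entries),
    }


# Constructed sample: the first three lines mirror the FRST dump above, the rest
# are invented for the example and do NOT come from the poster's machine.
SAMPLE_HOSTS = """\
# constructed sample for this example; not the poster's actual hosts file
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
0.0.0.0      ads.example.net              # null-route style blocklist entry
::1          tracker.example.org
127.0.0.1    www.malwarebytes.org update.avast.com   # blocks security vendors
203.0.113.7  login.example.com            # redirect: the real hijack pattern
127.0.0.1    localhost
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_HOSTS))
    for e in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {e.line_no}: {e.kind:8s} {e.address} -> {e.hostname}")
```

Run against a real file with `parse_hosts(open(r"C:\Windows\System32\drivers\etc\hosts").read())`; the thousand-odd Spybot lines come out as unremarkable "block" entries, and only redirects or blocked vendor domains are reported.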

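The "Scheduled Tasks (whitelisted)" section above shows the two shapes FRST uses: a task with a target, a file date and a publisher, and entries such as \MySearchDial and \Dealply marked "No Task File", i.e. a task registration whose XML definition is gone, which is what an adware uninstaller or an earlier removal pass tends to leave behind. The script below triages that section. It is an added example, not part of the post and not FRST code; the verdict rules, the list of user-writable paths, and the two sample lines with GUIDs starting 11111111 and 22222222 are the example's own.

```python
"""Triage the "Scheduled Tasks" section of an FRST Addition.txt.

Added example, not part of the forum post and not code from FRST.  The log
above shows the line shapes handled here:

  Task: {GUID} - System32\\Tasks\\<name> => <target> [<yyyy-mm-dd>] (<publisher>)
  Task: {GUID} - \\<name> No Task File
  Task: C:\\Windows\\Tasks\\<name>.job => <target>

Verdicts (this example's own heuristics, not anything FRST reports):
  orphan               - "No Task File": registration left behind with no definition
  user-writable-target - target lives under AppData/Temp/Users\\Public
  no-publisher         - FRST annotated the file with a date but found no publisher
  ok                   - nothing above applies
"""
import re
from dataclasses import dataclass
from typing import List, Optional

TASK_RE = re.compile(
    r"^Task:\s+"
    r"(?:(?P<guid>\{[0-9A-Fa-f-]+\})\s+-\s+)?"        # GUID form; absent for .job lines
    r"(?P<name>.+?)"
    r"(?:\s+=>\s+(?P<target>.+?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<publisher>[^()]*)\))?)?"
    r"\s*$"
)
ORPHAN_MARKER = " No Task File"
# Example's own list of locations a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class TaskFinding:
    name: str
    target: Optional[str]
    date: Optional[str]
    publisher: Optional[str]
    verdict: str     # "orphan", "user-writable-target", "no-publisher", "ok"


def parse_task_line(line: str) -> Optional[TaskFinding]:
    """Parse one FRST task line; None if the line is not in a known shape."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    name, target = m["name"], m["target"]
    date, publisher = m["date"], m["publisher"]
    orphan = name.endswith(ORPHAN_MARKER)
    if orphan:
        name = name[: -len(ORPHAN_MARKER)]
    name = name.lstrip("\\")
    if orphan:
        verdict = "orphan"
    elif target and any(p in target.lower() for p in USER_WRITABLE):
        verdict = "user-writable-target"
    elif date and not publisher:
        verdict = "no-publisher"
    else:
        verdict = "ok"
    return TaskFinding(name, target, date, publisher, verdict)


def triage(text: str) -> List[TaskFinding]:
    findings: List[TaskFinding] = []
    for line in text.splitlines():
        if line.startswith("Task:"):
            f = parse_task_line(line)
            if f:
                findings.append(f)
    return findings


def findings_needing_review(text: str) -> List[TaskFinding]:
    return [f for f in triage(text) if f.verdict != "ok"]


# Constructed sample: five lines are copied from the log above, the two with
# GUIDs 11111111... and 22222222... are invented to exercise the other rules.
SAMPLE_TASKS = r"""
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {0DA45014-C626-4EEB-B453-AFD349ECD2BD} - \MySearchDial No Task File
Task: {55C19DDA-3469-4AA2-8759-222FF4BCAF9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15] (Google Inc.)
Task: {789242B2-ADD7-4990-95A9-23066FB05E95} - \Dealply No Task File
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Updater => C:\Users\User\AppData\Local\Temp\upd.exe [2013-08-27]
Task: {22222222-3333-4444-5555-666666666666} - System32\Tasks\Helper => C:\Program Files (x86)\Helper\helper.exe [2013-08-01]
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

if __name__ == "__main__":
    for f in findings_needing_review(SAMPLE_TASKS):
        print(f"{f.verdict:22s} {f.name}  -> {f.target}")
```

Paste the whole Addition.txt into `triage()`; lines outside the task section are ignored because they do not start with "Task:", and the `.job` shadow entries are accepted without a publisher since FRST prints none for them.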
 

 



#4 Starbuck
  • 'r Brudiwr
  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 02 September 2013 - 12:47 AM

Hi Emac0

Thanks for that.
Still a bit of work to do.


Step 1
I see that you have Spybot - Search & Destroy installed.
We stopped recommending this some time ago due to poor testing results.
I recommend you uninstall it.


Step 2
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Step 3
Please remove the copy of AdwCleaner that is on your system.
Right click on it and select delete.

Now let's get a fresh copy.

Please download AdwCleaner by Xplode onto your desktop
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool. Vista/Windows 7/8 users: right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 4
  • Download OTL to your desktop.
    Right click on the link and select 'Save Link/Target As'.

    If you have problems, try this download link: OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check
Otllatest.png

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    scan-fix.png
  • Click the Run Scan button.

    runscan.png
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
In your next reply, please submit:
AdwCleaner report
and both reports from OTL


Thanks.



#5 Emac0
  • Topic Starter
  • Members
  • 6 posts

Posted 02 September 2013 - 12:04 PM

# AdwCleaner v3.002 - Report created 02/09/2013 at 13:27:02
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : User - MACCALLUM
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\KeyBar_1.8
Folder Deleted : C:\Users\User\AppData\Local\Temp\CT3304783
Folder Deleted : C:\Users\User\AppData\LocalLow\KeyBar_1.8
Folder Deleted : C:\Users\User\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\um5hbryq.default\CT3304783
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\um5hbryq.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bieggkdbhfmhhgllongmgdegafngmmne
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bieggkdbhfmhhgllongmgdegafngmmne
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bieggkdbhfmhhgllongmgdegafngmmne
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CDB273B9-A904-416E-B13F-90024F20A1B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CDB273B9-A904-416E-B13F-90024F20A1B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC5DD453-DF01-475F-A92E-06E71F6487AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ADDCC3D-34C4-4664-8FA2-BACC2784F34C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Key Deleted : HKCU\Software\AppDataLow\Software\KeyBar_1.8
Key Deleted : HKLM\Software\KeyBar_1.8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.8 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16496


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\um5hbryq.default\prefs.js ]

Line Deleted : user_pref("CT3304783.FF19Solved", "true");
Line Deleted : user_pref("CT3304783.UserID", "UN55419922525994162");
Line Deleted : user_pref("CT3304783.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3304783.fullUserID", "UN55419922525994162.IN.20130827051326");
Line Deleted : user_pref("CT3304783.installDate", "27/08/2013 05:13:29");
Line Deleted : user_pref("CT3304783.installSessionId", "-1");
Line Deleted : user_pref("CT3304783.installSp", "TRUE");
Line Deleted : user_pref("CT3304783.installerVersion", "1.6.1.1");
Line Deleted : user_pref("CT3304783.keyword", "true");
Line Deleted : user_pref("CT3304783.originalHomepage", "about:home");
Line Deleted : user_pref("CT3304783.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3304783.originalSearchEngine", "");
Line Deleted : user_pref("CT3304783.originalSearchEngineName", "");
Line Deleted : user_pref("CT3304783.searchRevert", "false");
Line Deleted : user_pref("CT3304783.searchUserMode", "2");
Line Deleted : user_pref("CT3304783.smartbar.homepage", "true");
Line Deleted : user_pref("CT3304783.versionFromInstaller", "10.19.2.5");
Line Deleted : user_pref("CT3304783.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3304783&octid=CT3304783&SearchSource=61&CUI=UN55419922525994162&UM=2&UP=SP03EAFEEA-1601-4CCD-BA84-BD3F715C5358");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.8 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304783&CUI=UN55419922525994162&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.internaldb.Resources_resource_remote_1.value", "%22%5Cnfunction%20INCL_checkinternals%28%29%5Cn%7B[...]
Line Deleted : user_pref("searchreset.backup.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3304783&octid=CT3304783&SearchSource=61&CUI=UN55419922525994162&UM=2&UP=SP03EAFEEA-1601-4CCD-BA84-BD3F715C53[...]
Line Deleted : user_pref("searchreset.backup.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304783&SearchSource=2&CUI=UN55419922525994162&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3304783");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3304783&CUI=UN55419922525994162&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3304783&octid=CT3304783&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304783&SearchSource=2&CUI=UN55419922525994162&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3304783");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3304783");
Line Deleted : user_pref("smartbar.machineId", "ZM/PG5TKACE+FIQFNTADZGEZRM4PTNYNIGM+UOICPZNMZTUR7B18KI/IWTZR3XTFOHDRWVXCMQELVDU/GRPXIQ");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3304783&CUI=UN55419922525994162&UM=2&SearchSource=13");

-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [7050 octets] - [02/09/2013 13:22:01]
AdwCleaner[S0].txt - [6907 octets] - [02/09/2013 13:27:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6967 octets] ##########

 

OTL Extras logfile created on: 9/2/2013 1:51:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 6.08 Gb Available Physical Memory | 75.97% Memory free
16.00 Gb Paging File | 13.91 Gb Available in Paging File | 86.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 395.18 Gb Free Space | 42.43% Space Free | Partition Type: NTFS
 
Computer Name: MACCALLUM | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025EA669-E283-44A0-A74D-E85C26240B3E}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{0503FC97-830F-450B-BDC2-6DFF29835159}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{068DA251-599E-4DFC-AFD8-EB644774E8A0}" = rport=138 | protocol=17 | dir=out | app=system |
"{0ED45FE2-50FD-4CDC-B1F4-DE09E0AE996B}" = lport=139 | protocol=6 | dir=in | app=system |
"{0FD7472E-63F8-4217-A6CB-0820566CCE6A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B5BE908-41BF-4E19-A871-ADA9DD2F9FDD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1BA8EBFF-15CF-487C-B78B-1D4F01F61EBC}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{2105E34F-1BCF-499D-9F44-8C450A42D1AE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2193D13C-6432-4343-A3CF-233A837CF2DB}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{2622440F-FCD7-4C35-ADF3-F8295BB75FEA}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{2DEA999D-B47E-45FF-9867-B4D0917F4F04}" = lport=58449 | protocol=6 | dir=in | name=pando media booster |
"{3626B16B-03D9-4FF2-B695-941EA252EB24}" = rport=139 | protocol=6 | dir=out | app=system |
"{3AC4A8AD-6CA1-43A0-90A6-94DECDBED5FA}" = lport=58449 | protocol=6 | dir=in | name=pando media booster |
"{3E7CB6E9-7C35-4989-B6DE-DF4F84DAC745}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{47FD7794-8E75-405B-B130-2272F5F728FF}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{498B9BFC-DD8F-4698-9583-279EE0BDD020}" = lport=10243 | protocol=6 | dir=in | app=system |
"{58863D15-81B2-44CE-BB0F-6176E3861CF0}" = lport=445 | protocol=6 | dir=in | app=system |
"{643155DF-F5F2-4111-A751-30FF57B20450}" = lport=138 | protocol=17 | dir=in | app=system |
"{667BFCAD-88BB-4713-84F7-D5C1F8BE82EF}" = lport=58449 | protocol=17 | dir=in | name=pando media booster |
"{6BA50E9D-DFD4-4EC4-8ECC-7FBD22EB67E2}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{75564D4E-7096-43C0-B7E6-698745F8DE5D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D4924E6-7925-4522-90CB-B7235E0AD135}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{8725AC26-21DF-4327-AC43-0FA673434B91}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{8C250A6D-0512-4862-BA14-291209B20220}" = lport=58449 | protocol=17 | dir=in | name=pando media booster |
"{92DE1970-9425-4200-A8B6-D0A430D0DBCC}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{96AA4756-7054-4A56-875D-426500CE9EA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9837E5D8-163F-4469-90AF-3671198C37C5}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9E5037CB-F0BA-40F1-B250-CB5D7CCA2B29}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A10951D8-B9EC-4417-8518-A5D13C177182}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{AB28C6C2-4873-46F3-9A41-D75D4C9A5A5C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AD151297-406E-45DB-86DD-B4A550A20EB4}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{BA672BC0-B16E-4709-8017-A51365DFB681}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{C5AA076C-BF3E-4B7F-948A-887397032569}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CE2AC97D-69CD-49EB-928C-07F8AAA43B22}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CFB1670C-626D-46FD-835A-BFF1209A7BB2}" = rport=445 | protocol=6 | dir=out | app=system |
"{DFFCA886-5156-43CE-8299-8E5CD140FC6F}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{E59D014B-08B2-4C34-83CA-442D7A6CA863}" = rport=137 | protocol=17 | dir=out | app=system |
"{E9621F04-117B-4F83-9735-E9F3A71C4E20}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA0F41E7-49DB-46C1-9838-0AF5F336B9FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBDDF679-5DAF-4D87-9BEA-6BF424B184FD}" = lport=137 | protocol=17 | dir=in | app=system |
"{EE425DB2-E685-4F4C-BC49-6FDD734711F8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EED04C2E-14A2-4E5E-9651-D8502B94E381}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{EFF0D262-D1CB-49A3-8FE2-24AC5BFA0EDC}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{F6982909-F524-44C3-AC4D-2D55E45C9D9F}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D47868-CE3D-48A3-8204-88A444B45DCA}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{0A0D979E-1E7B-4622-A510-78659AC75EE0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{16484BD6-2097-411E-8B0D-FDC82790BDAD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1A2F82DD-6933-4F22-9A55-253AADD733D6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe |
"{25089B3F-BAC4-41E9-AAE7-7833A63E4D77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{26996F45-F4C0-427F-AAC0-E5B1D55E6435}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mirrors edge\binaries\mirrorsedge.exe |
"{29A7C5C9-4EF8-41B7-AA76-4812CEA0C22E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{38EC3C90-BFC8-4AD5-A4D8-D1AAB5874C3D}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mirrors edge\binaries\mirrorsedge.exe |
"{393CEFF0-CC2A-4EC1-ABD5-92917296B3DF}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{41195014-B9A2-45F6-AE54-FD7334D50269}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{453AEC49-7481-4F47-B32F-4E729A955B33}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{46921F69-7986-437F-8A2C-8C25210B4899}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\nwzlauncher.exe |
"{4767FD38-F541-4978-B946-5725000DE095}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe |
"{4B75482D-264B-416D-A1E2-E693A7EB49F0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4BA69917-1BE7-451F-9461-798EFF92730F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{4F577E72-70ED-4919-B987-F6DF7F42C7AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{51B26294-8BCD-43DB-8FB5-5DF7EE30EB1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{52F0538A-877F-43F8-B2EA-DE6319E38417}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\nmservice.exe |
"{53AB8E0D-E9EF-4C35-9D14-BEF8797997BA}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{58512A77-2B13-4DBA-BD63-4AB14923AF7D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5BCF3D9D-E23E-4BBF-B23B-ED7899496FE8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5CA29F85-3217-4C38-BAF7-5EAF734C5655}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{5DBC7D8D-DCC7-40C9-A8FB-B3035D9A743A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\burnout paradise\burnoutparadise.exe |
"{5E26678E-B60F-4677-A5A8-9FB3EE6E21D7}" = protocol=6 | dir=in | app=c:\games\war thunder\launcher.exe |
"{66F5266E-3C17-4F2C-ADC2-D00AB727814F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6E8ED029-951A-4E41-AA58-95B2D29BF55C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F7A096F-CECA-4E57-8506-02F4B06AA1F4}" = protocol=17 | dir=in | app=c:\games\war thunder\launcher.exe |
"{7205F0AE-7354-41A7-A7E1-873B7823A418}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{74BFE7EF-884B-4CFC-BA4C-4B037A1A53B0}" = protocol=17 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"{7618CFEF-62A5-45A0-A5AF-0833D6AA6D10}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe |
"{77AAC60F-2FCC-49CD-B92C-A338A32E9CA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe |
"{79741375-3927-4B60-8899-A71DD4D44B99}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7CAC5020-6ED9-4638-B356-F0B607F7E475}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7EA11745-1366-498C-A8B3-B20092D091E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{7F39C9DC-DBF3-45A9-B219-407C8FA2E2D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82156ADE-B8BB-419C-B8D4-2998837504A1}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{8310B680-3B8F-47BF-984B-7B3A1F7F539E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{853E3F55-502B-4E55-9FDD-3F7D7D697C0D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8B9ED7C5-C6BD-485F-8250-5164F8E724EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{93182736-45EF-4BAE-87A6-8343DC99578C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9447C7C5-5278-4039-A4DD-F72D26D62F3B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{999B681E-19BC-4157-A4E1-D8DE19839E48}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9BE38BFA-8C71-44FD-A554-F99B3B4721DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9CE9E84B-11E5-4595-968F-DE236F8CEC0A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{A3107888-B77A-46CC-B418-B154435F4797}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{A40B00CC-338B-420F-8A1B-4F9F81A002F5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A43DC608-C5BE-462E-AD0A-B34F03CF522C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{A455192D-A5CF-4C50-AAD5-224B1DFE6AFF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A576B714-EAC9-44D4-9B5B-6B84FCC2D527}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\nmservice.exe |
"{A6EEF731-8ECC-4312-96A2-59F3AA629893}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AA4BD740-E958-4F91-B520-51EF632AE4EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ABA964FF-4FBC-4FAE-8EDD-9473AC049A6C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{AE01A073-D98C-4820-B996-23F37314129D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B643B9E8-50D4-4D2A-AA76-7A9C8C155547}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{BCC021CB-DC34-4A83-B243-5F38212EE7EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE5EEBCA-3C69-42EE-818D-214C2574BE54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF7AC408-9111-43C5-9E3A-06B3970D693D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF9C9460-7E70-404F-8593-7EEA69AC32E1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BFDB242C-CEA4-45C2-AC35-1CBF3FF18B67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{C197FE2B-A792-4AC0-A4DF-7E7C41E99F00}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C438B9DB-94CB-49B3-8D8D-43E274748203}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{C93CE2C9-D75C-4847-B559-068F15E1D92B}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\burnout paradise\burnoutparadise.exe |
"{C983DD92-A179-4119-A62F-A18C0E313598}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D7725A98-6E08-4141-9365-BE60E4E42D4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC40DA4C-4442-4CCE-BC95-3933C0CFEB50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DDDF34C6-EF12-49DF-8825-64CCE8043116}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{E5714E59-8A61-4D18-B44B-8A7EAC919851}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E785F6A8-1D4B-42E6-93BB-2EC8C6A67BE8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E91C8996-D9A3-4528-B5CE-78A850E7E8D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\nwzlauncher.exe |
"{ED47A977-584B-470A-AF0E-1BC7D1BA9D46}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F3D440E1-1491-430E-8C04-5E3354BC686E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F42088BF-1F7E-4AA8-8C19-ECB27384A1E6}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{F8351E97-84F1-4427-B1A7-A903AE4A4BBC}" = protocol=6 | dir=out | app=system |
"{FD28F0F0-EE9E-48EB-9751-0C3A7CD73B0B}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{FFDE4D15-0A19-4B14-887C-A10D71A57E88}" = protocol=6 | dir=in | app=c:\users\justin\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{0005BAB2-D4DE-49EB-A686-E0074F799F68}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{0D7BF5AC-4744-410B-9E51-828AEF0C3367}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{6628CAC7-A1BD-4C44-9D27-1FE2EDE100D5}C:\program files (x86)\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\aces.exe |
"TCP Query User{69246225-C048-400D-B3CE-00B27BF5BF2A}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{A03C4336-73A5-4254-9375-A8EBA4F798BC}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"TCP Query User{BD8AC9A5-AA22-4252-B592-8777178B747E}C:\users\public\sony online entertainment\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{CBA092BF-94C4-474C-8413-3F225F4C5975}C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe |
"TCP Query User{DBC0A833-3A03-4D79-8F81-F70E7F48A8C1}C:\program files (x86)\origin games\medal of honor\mp\mohmpgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\medal of honor\mp\mohmpgame.exe |
"TCP Query User{DEFA81F1-1308-4AD9-A7F2-2D1EAC0481D0}C:\games\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\games\war thunder\aces.exe |
"TCP Query User{E987BF8E-1018-496B-A68A-99A14087362C}C:\users\justin\desktop\gamez\call of duty modern warfare 2 full multiplayer + sp ^^nosteam^^\call of duty modern warfare 2\iw4m.exe" = protocol=6 | dir=in | app=c:\users\justin\desktop\gamez\call of duty modern warfare 2 full multiplayer + sp ^^nosteam^^\call of duty modern warfare 2\iw4m.exe |
"TCP Query User{ED18599F-E54C-4311-9731-537FDFE44E74}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{F130C334-683E-4BD8-929D-C4CA21B77972}C:\users\user\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\user\documents\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{F7D122DB-7728-4D00-B52C-CD1B1CEDE20E}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{FA7B7482-3898-48E1-B96B-81E9D98794CE}C:\games\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\games\borderlands\binaries\borderlands.exe |
"UDP Query User{1004C730-80BE-4484-B55F-6DA783E8D173}C:\program files (x86)\origin games\medal of honor\mp\mohmpgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\medal of honor\mp\mohmpgame.exe |
"UDP Query User{10FDDEFE-CC3C-4198-84C2-B0086F5C8D3F}C:\games\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\games\borderlands\binaries\borderlands.exe |
"UDP Query User{1D850DCD-CD61-421C-B9F6-518F5EB49729}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{304EA83A-08E2-4208-8027-D0EB6B6E2049}C:\users\justin\desktop\gamez\call of duty modern warfare 2 full multiplayer + sp ^^nosteam^^\call of duty modern warfare 2\iw4m.exe" = protocol=17 | dir=in | app=c:\users\justin\desktop\gamez\call of duty modern warfare 2 full multiplayer + sp ^^nosteam^^\call of duty modern warfare 2\iw4m.exe |
"UDP Query User{35F596FE-02A4-4C6E-AF4B-092E7A60A8C1}C:\games\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\games\war thunder\aces.exe |
"UDP Query User{3B28D719-1B9E-47F6-AABC-214BC6A17876}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{66965C1A-2742-4192-B516-6EB034D6ED7E}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{6893A76E-80E6-411D-ADB8-291A5BCFB047}C:\users\user\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\user\documents\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{6FEB7F7A-F9CB-40CF-909E-89A406543872}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{75471984-715D-4F55-AE2E-44C871B3E002}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{9E1C12D2-F4B7-4CB1-A26E-6400B6F54A34}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{BE51FCCE-B46F-442E-B1B6-CCBAF8882EB5}C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe |
"UDP Query User{D0B9EF8B-0773-4C06-970F-AB95E4C936E3}C:\users\public\sony online entertainment\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{D6CB84CC-A6B4-4EEF-9282-754472743A20}C:\program files (x86)\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\aces.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 5.00 beta 5 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{1CDC8E7D-CDFC-4C2B-A080-23D943354625}" = Burnout™ Paradise: The Ultimate Box
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor ™
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99C28455-E285-4639-B4C6-9F747C0C3D4C}" = DayZ Commander
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D7F3EEAD-183C-47DE-BDC5-593539573F97}" = Play withSIX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.246
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FB4D076A-DEFD-4EAF-AD63-70D5A3BC262A}" = ASUS MultiFrame
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON Scanner" = EPSON Scan
"ESN Sonar-0.70.4" = ESN Sonar
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Google Chrome" = Google Chrome
"Guild Wars" = Guild Wars
"Guild Wars 2" = Guild Wars 2
"HijackThis" = HijackThis 1.99.1
"hosts" = hosts
"League of Legends 3.0.0" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Need for Speed Underground 2" = Need for Speed Underground 2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Sanitarium_is1" = Sanitarium
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Stardock MyColors" = Stardock MyColors
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 113400" = APB Reloaded
"Steam App 212180" = Combat Arms
"Steam App 218230" = PlanetSide 2
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 33900" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Sumotori Dreams" = Sumotori Dreams
"Sumotori Full Version" = Sumotori Full Version
"TSEV Skyrim LE_is1" = TSEV Skyrim LE
"TWV0cm9MYXN0TGlnaHQ=_is1" = Metro: Last Light © Deep Silver version 1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.8
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{C1C3E833-420E-4D78-9BA7-86AEBB272384}" = TopArcadeHits
"soe-DC Universe Online" = DC Universe Online
"SOE-DC Universe Online Live" = DC Universe Online Live
"The Weather Network" = The Weather Network
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/1/2013 11:16:30 PM | Computer Name = MacCallum | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5195
 
Error - 9/1/2013 11:16:30 PM | Computer Name = MacCallum | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5195
 
Error - 9/1/2013 11:16:31 PM | Computer Name = MacCallum | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 9/1/2013 11:16:31 PM | Computer Name = MacCallum | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6193
 
Error - 9/1/2013 11:16:31 PM | Computer Name = MacCallum | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6193
 
Error - 9/1/2013 11:16:32 PM | Computer Name = MacCallum | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 9/1/2013 11:16:32 PM | Computer Name = MacCallum | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7191
 
Error - 9/1/2013 11:16:32 PM | Computer Name = MacCallum | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7191
 
Error - 9/2/2013 12:31:14 PM | Computer Name = MacCallum | Source = WinMgmt | ID = 10
Description =
 
Error - 9/2/2013 12:49:04 PM | Computer Name = MacCallum | Source = Application Hang | ID = 1002
Description = The program OTL.scr version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 89c    Start Time:
 01cea7fbb3cf24d0    Termination Time: 6    Application Path: C:\Users\User\Downloads\OTL.scr    Report Id:
 
 
< End of report >
 

OTL logfile created on: 9/2/2013 1:51:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 6.08 Gb Available Physical Memory | 75.97% Memory free
16.00 Gb Paging File | 13.91 Gb Available in Paging File | 86.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 395.18 Gb Free Space | 42.43% Space Free | Partition Type: NTFS
 
Computer Name: MACCALLUM | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Downloads\OTL.scr (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\User\AppData\Local\The Weather Network\weathereye.exe (Pelmorex Media Inc.)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\36d4abefb9287140975d11057bb8f7ee\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\da2cc25eb270a9d8607ab7486f3ce890\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8a26ba5b45d30874fbebb0a475b22a75\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6b3adc90b6f811b557d290e1436e7ff8\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ac41c2666bb4e3dee06bc72eb45c765d\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4c152db66c5438fbf9e3975858dde0bc\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8d9db55b1eef7728c04fb1ec500089c6\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d3c944049319ebe51e939c9342f0bcc2\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9631f1dac820cb6987560f074492150d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WindowBlinds) -- C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys ()
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer Inc)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtD0AyDyDyBtAtA0AyCyCtN0D0Tzu0CyCtDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=585048215&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtD0AyDyDyBtAtA0AyCyCtN0D0Tzu0CyCtDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=585048215&ir=
IE:64bit: - HKLM\..\SearchScopes\{6C5A2BBF-F4A2-E4D0-F045-115EFC0D4284}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5EBEDC61-4846-4B2F-90F4-0C515E064F72: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtD0AyDyDyBtAtA0AyCyCtN0D0Tzu0CyCtDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=585048215&ir=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 4E ED 7F 98 65 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5EBEDC61-4846-4B2F-90F4-0C515E064F72: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtD0AyDyDyBtAtA0AyCyCtN0D0Tzu0CyCtDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=585048215&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: 05dd836e-2cbd-4204-9ff3-2f8a8665967d%40a8876730-fb0c-4057-a2fc-f9c09d438e81.com:0.92.52
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/15 11:50:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/08/26 10:42:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013/09/01 23:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\um5hbryq.default\extensions
[2013/08/27 04:40:17 | 000,000,000 | ---D | M] ("hosts") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\um5hbryq.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
[2013/08/31 23:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\um5hbryq.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData
[2013/08/27 04:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\um5hbryq.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins
[2013/08/31 23:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\um5hbryq.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\userCode
[2013/08/16 23:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/16 23:51:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/16 23:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/16 23:51:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/16 23:51:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/15 11:50:14 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/08/29 16:00:31 | 000,450,636 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKCU..\Run: [Epson Stylus NX510(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S5CF4.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [WeatherEye] C:\Users\User\AppData\Local\The Weather Network\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25FCE191-1042-4643-9F28-FE1769492F31}: DhcpNameServer = 24.222.0.94 24.222.0.95
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{66c7c48f-d611-11e2-8196-00044b0a5572}\Shell - "" = AutoRun
O33 - MountPoints2\{66c7c48f-d611-11e2-8196-00044b0a5572}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{66c7c493-d611-11e2-8196-00044b0a5572}\Shell - "" = AutoRun
O33 - MountPoints2\{66c7c493-d611-11e2-8196-00044b0a5572}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{e6fd30e7-a5e9-11e2-956a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e6fd30e7-a5e9-11e2-956a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\OblivionLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/02 13:20:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/01 23:30:52 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/01 23:09:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/29 12:46:19 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2013/08/29 12:46:19 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2013/08/28 03:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2013/08/27 15:31:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\SIX Updater
[2013/08/27 15:24:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Play withSIX
[2013/08/27 15:24:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Play withSIX
[2013/08/27 15:24:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\IsolatedStorage
[2013/08/27 15:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks
[2013/08/27 15:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Networks
[2013/08/27 15:24:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Downloaded Installations
[2013/08/27 05:22:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/08/27 05:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/08/27 05:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OtShot
[2013/08/26 14:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/08/26 14:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/08/26 14:02:01 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2013/08/26 14:02:01 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2013/08/26 14:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/08/26 14:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013/08/22 22:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/08/19 18:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space 3
[2013/08/18 20:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye
[2013/08/18 20:17:57 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ArmA 2 Other Profiles
[2013/08/18 20:02:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\DayZCommander
[2013/08/18 20:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
[2013/08/18 20:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2013/08/18 17:27:11 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ArmA 2
[2013/08/18 17:27:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ArmA 2
[2013/08/18 17:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013/08/18 13:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2013/08/17 22:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013/08/17 22:43:21 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\BIS Core Engine
[2013/08/17 22:43:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ArmA 2 OA
[2013/08/17 22:43:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013/08/17 22:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2013/08/17 21:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burnout Paradise The Ultimate Box
[2013/08/17 21:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2013/08/17 20:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013/08/17 20:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013/08/17 20:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013/08/17 20:52:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013/08/17 17:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013/08/17 17:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/08/17 17:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/08/17 17:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/08/17 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013/08/16 23:51:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/08 23:58:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/07/30 03:38:15 | 026,766,400 | ---- | C] (Stardock Corporation) -- C:\Users\User\mycolors_setup_dell_preload_03-16-2011.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/02 13:36:45 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/02 13:36:44 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/02 13:35:30 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/02 13:35:30 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/02 13:35:30 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/02 13:30:22 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/02 13:29:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/02 13:29:23 | 2146,332,671 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/02 13:11:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/02 13:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/02 10:40:31 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013/08/29 16:00:31 | 000,450,636 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/29 08:50:33 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/08/29 08:50:33 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/08/29 08:50:21 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/08/27 05:22:24 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/08/27 05:22:18 | 519,981,052 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/27 05:20:18 | 000,000,738 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/08/26 12:30:52 | 000,002,811 | ---- | M] () -- C:\Windows\wininit.ini
[2013/08/26 12:15:30 | 000,450,636 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130829-160031.backup
[2013/08/20 10:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2013/08/20 10:32:58 | 000,029,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2013/08/20 10:32:46 | 000,028,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2013/08/20 09:08:32 | 000,001,354 | ---- | M] () -- C:\Users\User\Desktop\DayZ Commander.lnk
[2013/08/18 08:54:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/08/17 22:39:14 | 000,000,222 | ---- | M] () -- C:\Users\User\Desktop\Arma 2 Operation Arrowhead Beta.url
[2013/08/17 22:39:14 | 000,000,221 | ---- | M] () -- C:\Users\User\Desktop\Arma 2.url
[2013/08/17 22:39:14 | 000,000,221 | ---- | M] () -- C:\Users\User\Desktop\Arma 2 Operation Arrowhead.url
[2013/08/16 04:30:07 | 000,327,680 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/08/12 17:19:37 | 000,000,042 | ---- | M] () -- C:\Windows\.wb4
[2013/08/12 13:46:02 | 000,002,540 | ---- | M] () -- C:\Users\User\Desktop\DC Universe Online.lnk
[2013/08/05 04:59:04 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/05 04:59:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/03 15:00:13 | 000,196,080 | ---- | M] () -- C:\Users\User\Desktop\Minecraft(1).rar
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/02 10:40:31 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013/08/27 05:22:24 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/08/27 05:22:18 | 519,981,052 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/08/27 05:20:18 | 000,000,738 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/08/27 05:13:10 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OtShot.lnk
[2013/08/20 09:08:32 | 000,001,354 | ---- | C] () -- C:\Users\User\Desktop\DayZ Commander.lnk
[2013/08/18 13:22:02 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2013/08/17 22:39:14 | 000,000,222 | ---- | C] () -- C:\Users\User\Desktop\Arma 2 Operation Arrowhead Beta.url
[2013/08/17 22:39:14 | 000,000,221 | ---- | C] () -- C:\Users\User\Desktop\Arma 2.url
[2013/08/17 22:39:14 | 000,000,221 | ---- | C] () -- C:\Users\User\Desktop\Arma 2 Operation Arrowhead.url
[2013/08/17 21:02:53 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/08/17 20:52:24 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/08/17 20:52:24 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/08/17 20:52:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/08/16 04:12:57 | 000,327,680 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2013/08/12 17:19:37 | 000,000,042 | ---- | C] () -- C:\Windows\.wb4
[2013/08/12 13:46:02 | 000,002,570 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online.lnk
[2013/08/12 13:46:02 | 000,002,540 | ---- | C] () -- C:\Users\User\Desktop\DC Universe Online.lnk
[2013/08/03 15:00:13 | 000,196,080 | ---- | C] () -- C:\Users\User\Desktop\Minecraft(1).rar
[2013/06/26 23:45:57 | 000,002,811 | ---- | C] () -- C:\Windows\wininit.ini
[2013/06/17 08:19:26 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2013/06/16 23:00:59 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/06/16 23:00:59 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/06/16 23:00:59 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/06/16 23:00:59 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/06/16 23:00:59 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/06/16 23:00:59 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/06/16 23:00:59 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/06/16 23:00:59 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/06/16 23:00:59 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/06/16 23:00:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/06/16 23:00:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/06/16 23:00:59 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/06/16 23:00:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/06/16 23:00:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/06/16 23:00:59 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/06/16 23:00:59 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/06/15 23:11:24 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2013/06/10 02:24:55 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 02:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/09/02 11:40:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2013/06/19 14:02:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Awesomium
[2013/08/19 16:56:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Epson
[2013/06/17 12:27:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2013/08/27 15:25:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Play withSIX
[2013/07/28 22:09:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/09/02 13:29:23 | 2146,332,671 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/02 13:29:29 | 4293,435,391 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2013/05/28 22:48:09 | 009,738,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\*.exe /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\* >
[2009/07/14 01:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/08/16 23:51:40 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/08/16 23:51:40 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/08/16 23:51:40 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/08/16 23:51:41 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/08/16 23:51:41 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/08/16 23:51:41 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/08/24 14:49:56 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/08/24 14:49:56 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/08/24 14:49:56 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/08/24 14:49:56 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013/06/15 12:46:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013/06/15 12:46:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013/06/15 12:46:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/05/28 23:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013/05/28 23:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/08/16 23:51:40 | 000,869,656 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/08/16 23:51:40 | 000,869,656 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/08/16 23:51:40 | 000,869,656 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2013/08/16 23:51:41 | 000,276,376 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/08/16 23:51:41 | 000,276,376 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/08/16 23:51:41 | 000,276,376 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/08/24 14:49:56 | 000,829,392 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/08/24 14:49:56 | 000,829,392 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/08/24 14:49:56 | 000,829,392 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/08/24 14:49:56 | 000,829,392 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/06/15 12:46:58 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/06/15 12:46:58 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/06/15 12:46:58 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/05/28 23:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2013/05/28 23:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 

 

 



#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:32 PM

Posted 02 September 2013 - 12:50 PM

Hi Emac0

Thanks for that.

Please click the attachment at the bottom and save it to your Desktop.
Double click on OTL to run it.
  • Click the red Run Fix button.
  • It will say no fix provided and ask if you want to load from File..... click Ok
  • Browse to the downloaded fix.txt ( on the Desktop) and select it.
  • The fix will now load
  • Click the Run Fix button again to start the fix
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
  • Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    if you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles



    In your next reply, please submit:
    Otl fix report
    and let me know how the system is running now


    Thanks.

Attached Files

  • Attached File  Fix.txt   2.79KB   1 downloads

Edited by Starbuck, 02 September 2013 - 12:54 PM.



#7 Emac0

Emac0
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 02 September 2013 - 02:41 PM

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EBEDC61-4846-4B2F-90F4-0C515E064F72: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EBEDC61-4846-4B2F-90F4-0C515E064F72: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EBEDC61-4846-4B2F-90F4-0C515E064F72: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EBEDC61-4846-4B2F-90F4-0C515E064F72: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Epson Stylus NX510(Network) deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66c7c48f-d611-11e2-8196-00044b0a5572}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66c7c48f-d611-11e2-8196-00044b0a5572}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66c7c48f-d611-11e2-8196-00044b0a5572}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66c7c48f-d611-11e2-8196-00044b0a5572}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66c7c493-d611-11e2-8196-00044b0a5572}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66c7c493-d611-11e2-8196-00044b0a5572}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66c7c493-d611-11e2-8196-00044b0a5572}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66c7c493-d611-11e2-8196-00044b0a5572}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6fd30e7-a5e9-11e2-956a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6fd30e7-a5e9-11e2-956a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6fd30e7-a5e9-11e2-956a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6fd30e7-a5e9-11e2-956a-806e6f6e6963}\ not found.
File D:\OblivionLauncher.exe not found.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\User\Downloads\cmd.bat deleted successfully.
C:\Users\User\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Justin
->Temp folder emptied: 687577704 bytes
->Temporary Internet Files folder emptied: 220568296 bytes
->Java cache emptied: 79809707 bytes
->Google Chrome cache emptied: 431745262 bytes
->Flash cache emptied: 1293 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: User
->Temp folder emptied: 288605873 bytes
->Temporary Internet Files folder emptied: 34117375 bytes
->Java cache emptied: 283449 bytes
->FireFox cache emptied: 75208840 bytes
->Google Chrome cache emptied: 340241763 bytes
->Flash cache emptied: 38070 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5171 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 6427800 bytes
 
Total Files Cleaned = 2,064.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 09022013_151453

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\5AF0.tmp moved successfully.
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Things seem to be working well.

Thank You So Much

Trying to instill in my sons the importance of reading what they are downloading.

 Emac0



#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:32 PM

Posted 02 September 2013 - 03:50 PM

Hi Emac0
 

Things seem to be working well

That's good to hear.
 

Trying to instill onto my sons the importance of reading what they are downloading

Very wise.
You may also like to let them know about the use of P2P programs.

Please note that as long as they're using any form of Peer-to-Peer networking ( Frostwire, Ares, uTorrent etc.) and downloading files from non-documented sources, they can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.


Let's run a double check and make sure there's nothing else.....

I'd like you to do an ESET OnlineScan
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems ESET's Online Scan fails during the database download ( around 20% )
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:
As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.


Please post the report if anything is found.

Thanks



#9 Emac0

Emac0
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 02 September 2013 - 07:12 PM

C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js    Win32/Conduit.SearchProtect.A application    cleaned by deleting - quarantined
C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe    a variant of Win32/Bunndle application    cleaned by deleting - quarantined
C:\Users\Justin\Desktop\Gamez\Need.For.Speed.Most.Wanted.[ENG]PC.DVD[.ISO].[.NFO].Keygen & Crack\Need.For.Speed.Most.Wanted.[ENG]PC.DVD[.ISO].[.NFO].Keygen & Crack.iso    a variant of Win32/Keygen.CU application    deleted - quarantined
C:\Users\Justin\Downloads\utorrent.exe    a variant of Win32/Bunndle application    cleaned by deleting - quarantined
C:\Users\User\Downloads\cbsidlm-tr1_14-AdwCleaner-ORG-75851221(1).exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\User\Downloads\cbsidlm-tr1_14-AdwCleaner-ORG-75851221.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\User\Downloads\setup.exe    a variant of Win32/Adware.iBryte.G application    cleaned by deleting - quarantined
 

I agree with you on the P2P, but it seems to be the norm for young people to use. They do not realize that this takes away from artists without compensation and, as stated, is a new form of infecting computers.

 Emac0



#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:32 PM

Posted 03 September 2013 - 11:03 AM

Hi Emac0
 

C:\Users\Justin\Desktop\Gamez\Need.For.Speed.Most.Wanted.[ENG]PC.DVD[.ISO].[.NFO].Keygen & Crack\Need.For.Speed.Most.Wanted.[ENG]PC.DVD[.ISO].[.NFO].Keygen & Crack.iso a variant of Win32/Keygen.CU application deleted - quarantined

This entry refers to an Illegal software download.
You may want to point this out to your sons.
Tell them there's no such thing as a 'free lunch'.
The trade off is usually getting your system infected so the bad guys can steal passwords, login details for banks and credit card details.
It's just not worth the risk.

If you are happy with the way the system is running now, we can finish the cleaning process.

Step 1
Restart MBAM.
Click on the Quarantine tab
If there are items in quarantine.....
Make sure everything is selected and then click Delete All.
Close MBAM.


Step 2
  • Please double-click OTL.exe to run it.
  • You should see a CleanUp! button, press that button,

  • This will clean up an assortment of tools used during malware removal, plus itself
Note:
MBAM will not be removed if it's installed.


Step 3
Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools may not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

Click Start >> Right click Computer >> Properties.
Click System protection (left pane)
Select the System Protection tab, and then click Create.
In the System Protection dialog box, type a description, and then click Create.

To delete all but the last restore point:

Open Disk Cleanup by clicking the Start button.
In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
If prompted, select the drive that you want to clean up, and then click OK.
In the Disk Cleanup for (drive letter) dialog box, click Clean up system files.
If prompted, select the drive that you want to clean up, and then click OK.
Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
In the Disk Cleanup dialog box, click Delete.
Click Delete Files, and then click OK.


To find out how you may have been infected....read this topic:
How did i get infected?


Glad I was able to help.

Safe surfing.


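Starbuck's Step 3 done from PowerShell instead of the System Protection dialog, as an added example that is not part of the thread or of any tool used in it; it assumes Windows PowerShell (2.0 on Windows 7 or 5.1) in an elevated prompt with System Protection turned on for the system drive, and the function name and description text are this example's own choices:

```powershell
# Added example (not from the thread, OTL or ESET): create a fresh restore point
# after cleaning, then list the restore points so you can confirm that the new
# one is the most recent, i.e. the one that Disk Cleanup's "all but the most
# recent" option will keep.
function New-PostCleanupRestorePoint {
    param(
        # Assumed label; this is what you would type into the System Protection dialog.
        [string]$Description = "Clean state after malware removal"
    )

    # Restore points require administrator rights; fail early with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw "Run this from an elevated (Run as administrator) PowerShell prompt."
    }

    # Record the points that exist before we add one (@() keeps Count valid on PS 2.0).
    $before = @(Get-ComputerRestorePoint -ErrorAction Stop)

    # MODIFY_SETTINGS is one of the built-in restore point types.
    # Note: Windows 8 and later silently skip creation if a restore point was
    # already made within the last 24 hours; Windows 7 does not have that limit.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS -ErrorAction Stop

    # List every point, converting the WMI timestamp to a readable DateTime,
    # newest first. The freshly created point should be at the top.
    $after = @(Get-ComputerRestorePoint |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = {
                [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } } |
        Sort-Object Created -Descending)

    if ($after.Count -le $before.Count) {
        throw "Restore point was not created; check that System Protection is on for the system drive."
    }

    $after | Format-Table -AutoSize | Out-Host
    return $after[0]   # the point you want to keep when deleting the older ones
}

New-PostCleanupRestorePoint
```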

#11 Emac0

Emac0
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 03 September 2013 - 03:49 PM

Thank You So Much Starbuck

 

As long as people believe that anything on the net is free, no matter if using a keygen or a uTorrent or other such, you will always be busy. The days of buying an LP, CD, DVD are slowly going by the wayside.

 

Again thank you for your time. You may consider this thread resolved.

 

Emac0



#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:32 PM

Posted 04 September 2013 - 03:52 PM

As this topic has been resolved this thread will now be closed.

If you need this topic reopened, please contact one of the moderating team by PM and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.

Everyone else please begin a New Topic.

