PDA

View Full Version : Tree listing inside device manager console expands and contracts,expands and contract



healing41
2014-03-06, 06:52
Edit -Moved: Please don't post Malware logs in the Spybot forums, thanks :-) (http://forums.spybot.info/showthread.php?1266-Please-don-t-post-Malware-logs-in-the-Spybot-forums-thanks-))

-------------------------------------------------------------

Hello and thank you for your effectiveness
yes i have been doing fixes with the tools i can find.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
Run by 14daminute at 3:10:00 on 2014-02-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1769.913 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, enhanced for Bing and MSN
uDefault_Page_URL = hxxp://www.yahoo.com
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{63FE6FAC-FD10-494E-8096-20541FB848FC}\4584F425E4242594447454F52434 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{98462B45-E612-4FAF-B7CD-8A39F1B1FE69} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BB506A23-32AD-42A6-8F0C-43067F3D3CDA} : DHCPNameServer = 192.168.14.1 66.233.127.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 directads.mcafee.com
Hosts: 127.0.0.1 metrics.bitdefender.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-4-9 80512]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-4-9 42624]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-7-30 102528]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-7-30 219776]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-4-9 95248]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-4-9 206632]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-30 648808]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-7-30 54400]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-10-25 81496]
S3 PORTMON;PORTMON;C:\Users\Public\Music\Music\COMPUTER\SysinternalsSuite\PORTMSYS.SYS [2013-8-27 28656]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-14 19456]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-20 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-14 30208]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-12-3 19968]
S4 DFX11_1;DFX Audio Enhancer 11.1;C:\Windows\System32\drivers\dfx11_1x64.sys [2012-8-29 28008]
.
=============== Created Last 30 ================
.
2014-02-25 23:42:15 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{660E6DD7-434C-490A-8E3C-EDEE6FECFC17}\mpengine.dll
2014-02-24 05:59:44 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-20 00:42:02 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F0A0F33-5F8A-438C-B7B5-5393267B2DEE}\gapaengine.dll
2014-02-18 21:05:12 -------- d-----w- C:\Windows\SysWow64\Hotspot Shield
2014-02-18 00:27:45 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2014-02-17 23:59:58 0 ----a-w- C:\Windows\SysWow64\shoD629.tmp
2014-02-17 18:38:08 -------- d-----w- C:\ProgramData\HitmanPro
2014-02-17 18:20:22 9216 ----a-w- C:\Windows\SysWow64\ftlx0411.dll
2014-02-17 18:20:22 9216 ----a-w- C:\Windows\System32\ftlx0411.dll
2014-02-17 18:20:22 10240 ----a-w- C:\Windows\SysWow64\ftlx041e.dll
2014-02-17 18:20:22 10240 ----a-w- C:\Windows\System32\ftlx041e.dll
2014-02-17 18:20:21 296960 ----a-w- C:\Windows\winhlp32.exe
2014-02-17 18:20:21 195072 ----a-w- C:\Windows\SysWow64\ftsrch.dll
2014-02-17 18:20:21 195072 ----a-w- C:\Windows\System32\ftsrch.dll
2014-02-17 17:38:31 -------- d-----w- C:\AdwCleaner
2014-02-15 13:27:47 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-02-15 13:27:28 439296 ----a-w- C:\Windows\System32\plsapp64.dll
2014-02-15 12:31:00 40720 ----a-w- C:\Windows\SysWow64\Partizan.exe
2014-02-15 11:53:57 40720 ----a-w- C:\Windows\System32\Partizan.exe
2014-02-15 11:51:31 -------- d-----w- C:\ProgramData\RegRun
2014-02-15 11:44:27 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2014-02-15 11:44:19 2 --shatr- C:\Windows\winstart.bat
2014-02-15 11:44:07 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2014-02-15 11:43:30 -------- d-----w- C:\Program Files (x86)\UnHackMe
2014-02-15 11:03:20 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-15 11:03:19 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-15 07:35:33 0 ----a-w- C:\Windows\SysWow64\shoF1AF.tmp
2014-02-15 07:00:20 -------- d-----w- C:\Windows\Migration
2014-02-15 04:53:59 999936 ----a-w- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
2014-02-15 04:50:15 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-02-15 03:37:50 -------- d-----w- C:\Windows\CheckSur
2014-02-15 01:23:19 4911888 ----a-w- C:\ProgramData\pclunst.exe
2014-02-15 01:22:54 -------- d-----w- C:\ProgramData\PC1Data
2014-02-15 00:26:29 -------- d-----w- C:\Users\14daminute\AppData\Roaming\LavasoftStatistics
2014-02-14 06:33:52 -------- d-----w- C:\ProgramData\Oracle
2014-02-14 06:33:12 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-13 23:11:55 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-02-13 23:11:55 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-02-13 23:11:54 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-02-13 23:11:54 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-02-13 23:11:54 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-02-13 23:11:54 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-02-13 23:11:54 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-02-13 23:11:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-13 23:11:32 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-13 23:11:31 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-13 23:11:30 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-13 23:11:28 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-13 23:09:30 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-02-13 00:18:40 -------- d-----w- C:\ProgramData\YTD Video Downloader
2014-02-12 21:26:39 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-12 21:20:08 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-02-12 21:19:58 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-02-12 05:19:45 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-12 05:18:55 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-12 03:18:51 -------- d-----w- C:\Users\14daminute\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2014-02-24 06:24:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-24 06:24:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-15 04:54:10 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-02-15 04:54:10 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2014-02-15 04:54:02 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-02-15 04:54:02 645120 ----a-w- C:\Windows\SysWow64\jsIntl.dll
2014-02-15 04:54:02 235008 ----a-w- C:\Windows\System32\elshyph.dll
2014-02-15 04:54:01 182272 ----a-w- C:\Windows\SysWow64\msls31.dll
2014-02-15 04:54:00 62464 ----a-w- C:\Windows\SysWow64\tdc.ocx
2014-02-15 04:54:00 34816 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-02-15 04:54:00 337408 ----a-w- C:\Windows\SysWow64\html.iec
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-12-01 13:10:54 257624 ----a-w- C:\Windows\System32\unrar64.dll
2013-12-01 13:10:54 218200 ----a-w- C:\Windows\SysWow64\unrar.dll
.
============= FINISH: 3:13:51.04 ===============Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org (http://www.malwarebytes.org)

Database version: v2014.02.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
14healing :: YUANSHEN [limited]

3/4/2014 11:12:30 PM
mbam-log-2014-03-04 (23-12-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 202481
Time elapsed: 10 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OCD
2014-03-07, 04:46
Hi healing41,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================


What tools have you already run?
Did they generate any logs?

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) aswMBR

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply

=========================

In your next post please provide the following:

checkup.txt
aswMBR.txt
attach MBR.zip
FRST.txt
Addition.txt

healing41
2014-03-07, 14:07
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

healing41
2014-03-07, 14:20
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

healing41
2014-03-07, 14:36
OTL logfile created on: 2/11/2014 2:34:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\14healing\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.73 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 47.22% Memory free
1.73 Gb Paging File | 0.74 Gb Available in Paging File | 42.66% Paging File free
Paging file location(s):

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 6.13 Gb Free Space | 2.15% Space Free | Partition Type: NTFS

Computer Name: YUANSHEN | User Name: 14daminute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/11 14:33:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\14healing\Desktop\OTL.exe
PRC - [2013/12/05 11:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/07/31 12:33:50 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/13 13:08:14 | 003,500,568 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
PRC - [2012/11/13 13:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2010/01/29 15:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/05 11:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/11/13 13:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 13:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 13:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 13:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 13:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 08:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll


========== Services (SafeList) ==========

SRV:[b]64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2012/02/07 16:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/01/26 16:07:14 | 000,235,520 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/01/08 00:38:57 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 11:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/31 12:33:50 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/23 01:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/29 15:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/30 00:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/02/11 19:59:57 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2012/08/29 09:46:14 | 000,028,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dfx11_1x64.sys -- (DFX11_1)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/26 16:41:34 | 010,721,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/01/26 15:06:00 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/19 00:41:36 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/01/17 11:00:56 | 000,206,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/12/04 22:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/11/23 07:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/15 16:35:58 | 000,054,400 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/10/28 03:41:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/10/28 03:41:26 | 000,080,512 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/10/25 06:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/10/25 06:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/10/25 05:09:20 | 000,081,496 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/07/13 21:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 21:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/08/27 14:37:50 | 000,028,656 | ---- | M] (Systems Internals) [Kernel | On_Demand | Stopped] -- C:\Users\Public\Music\Music\COMPUTER\SysinternalsSuite\PORTMSYS.SYS -- (PORTMON)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm002^S02513^us&si=CLPbzM3vhbICFWWCQgod3wwAUQ&ptb=C8321473-01D5-48BE-B953-26F3C8F957B1&psa=&ind=2012082614&st=sb&n=77edf1b6&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm027YYus&ptnrS=GRxdm027YYus&ptb=5DDD51BA-82DC-4CEE-B56D-A52414053478&ind=2012081817&n=77edee99&psa=&st=sb&searchfor={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\14daminute\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {87BD924A-D432-47A2-A632-96AA9A3A4574}
IE - HKCU\..\SearchScopes\{002F1684-F771-48FE-80BC-2191F7AA69E4}: "URL" = http://www.ted.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{5E80220D-238A-4244-A118-692E140984F5}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{6F7A85A1-8C1A-462D-B491-AD0C9D79BF60}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN40403898082268390&UM=2
IE - HKCU\..\SearchScopes\{87BD924A-D432-47A2-A632-96AA9A3A4574}: "URL" = http://www.bing.com/search?FORM=UP75DF&PC=UP75&dt=042213&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2013/08/19 15:20:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2013/08/19 15:20:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/12/22 16:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\14daminute\AppData\Roaming\Mozilla\Extensions
[2013/12/22 16:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\14daminute\AppData\Roaming\Mozilla\Firefox\Profiles\hz48d8fu.default\extensions
[2013/12/22 16:01:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\14daminute\AppData\Roaming\Mozilla\Firefox\Profiles\hz48d8fu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/12/22 16:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/22 16:00:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/22 16:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/12/22 16:00:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O1 HOSTS File: ([2013/07/28 00:01:48 | 000,881,672 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ___id___.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 0.r.msn.com
O1 - Hosts: 127.0.0.1 005.free-counter.co.uk
O1 - Hosts: 127.0.0.1 006.free-counter.co.uk
O1 - Hosts: 127.0.0.1 007.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counters.co.uk
O1 - Hosts: 127.0.0.1 00fun.com
O1 - Hosts: 127.0.0.1 011707160008.c.mystat-in.net
O1 - Hosts: 127.0.0.1 061606084448.c.mystat-in.net
O1 - Hosts: 127.0.0.1 070806142521.c.mystat-in.net
O1 - Hosts: 127.0.0.1 090906042103.c.mystat-in.net
O1 - Hosts: 127.0.0.1 092706152958.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0d7292.r.axf8.net
O1 - Hosts: 127.0.0.1 0f36f3.r.axf8.net
O1 - Hosts: 127.0.0.1 1.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 1.googlenews.xorg.pl
O1 - Hosts: 127.0.0.1 1.hot-dances.com
O1 - Hosts: 127.0.0.1 1.ofsnetwork.com
O1 - Hosts: 127.0.0.1 1.oz-over.com
O1 - Hosts: 127.0.0.1 1.sharkadnetwork.com
O1 - Hosts: 127.0.0.1 100.mbn.com.ua
O1 - Hosts: 29100 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF48A53D-188E-4F31-9EAC-905D29793A76} - No CLSID value found.
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98462B45-E612-4FAF-B7CD-8A39F1B1FE69}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB506A23-32AD-42A6-8F0C-43067F3D3CDA}: DhcpNameServer = 192.168.14.1 66.233.127.12
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/11 14:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/11 13:59:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/11 13:59:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/11 13:56:58 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/11 13:56:58 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/11 13:56:58 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/11 13:52:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/11 13:52:04 | 1391,484,928 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/11 13:50:49 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/11 13:50:27 | 000,275,712 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/07 11:56:18 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/04/27 10:02:54 | 000,006,224 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/14 14:27:00 | 000,007,671 | ---- | C] () -- C:\Users\14daminute\AppData\Local\Resmon.ResmonCfg
[2013/02/16 07:44:06 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/24 12:20:17 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/26 13:48:23 | 000,020,448 | ---- | C] () -- C:\Users\14daminute\AppData\Roaming\UserTile.png
[2012/07/30 01:26:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/09 20:34:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/09 20:34:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/09 20:34:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/14 11:46:30 | 000,000,000 | ---D | M] -- C:\Users\14daminute\AppData\Roaming\Amazon
[2013/03/10 19:31:11 | 000,000,000 | ---D | M] -- C:\Users\14daminute\AppData\Roaming\FreemakeVideoDownloader
[2012/09/26 13:48:22 | 000,000,000 | ---D | M] -- C:\Users\14daminute\AppData\Roaming\PeerNetworking
[2012/07/31 13:29:41 | 000,000,000 | ---D | M] -- C:\Users\14daminute\AppData\Roaming\Screensaver
[2012/10/24 12:40:48 | 000,000,000 | ---D | M] -- C:\Users\14daminute\AppData\Roaming\SoftGrid Client
[2012/10/24 12:21:32 | 000,000,000 | ---D | M] -- C:\Users\14daminute\AppData\Roaming\TP

========== Purity Check ==========



< End of report >

healing41
2014-03-07, 14:48
OTL Extras logfile created on: 2/11/2014 2:34:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\14healing\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.73 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 47.22% Memory free
1.73 Gb Paging File | 0.74 Gb Available in Paging File | 42.66% Paging File free
Paging file location(s):

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 6.13 Gb Free Space | 2.15% Space Free | Partition Type: NTFS

Computer Name: YUANSHEN | User Name: 14daminute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E230BC5-4184-49EB-A4F4-2149DB8AC3D1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{44A11808-7B22-4777-B224-E6928894CDB3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{147778F5-D027-46F9-BDA2-C3FF2DC164F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{220ADB7E-8E25-4617-9B0B-70CCCBB9D17C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E62FBDF-AFC6-486C-85BF-39297933A7BF}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{758C2AFA-B40D-45A4-BBBF-303B1D22B85B}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{792F43DD-F548-48A6-B915-554DFC1E252D}" = protocol=6 | dir=in | app=c:\program files (x86)\freemake\freemake video downloader\freemakevideodownloader.exe |
"{8326FFC5-5E57-422D-AE35-9BCF2CF7F372}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{843473EC-D779-4B2F-A377-EF42B7C61BBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{89CF957B-E1CA-4C5E-A8DA-5CAE890E9354}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8E7EBD81-ED0E-4312-ABF5-A6A8CB6A8D1E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9DDDEB42-CDB1-4E38-81DF-7CDBE13CA3E7}" = protocol=6 | dir=in | app=d:\wininit.exe |
"{B1E7F81D-C534-4033-BFEE-045A089297BF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EA02E049-8693-494E-8A98-D9CB2BE5B417}" = protocol=17 | dir=in | app=c:\program files (x86)\freemake\freemake video downloader\freemakevideodownloader.exe |
"{EF638B55-38BD-416A-8F5D-3942E8F9105C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{FE171D3A-071C-4937-872E-7ABCED7740E5}" = protocol=17 | dir=in | app=d:\wininit.exe |
"TCP Query User{02445C78-14D7-49AA-9273-819E9B61E9BD}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe |
"TCP Query User{5AC3BDEC-30F0-42DB-BB08-749D57928CAD}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe |
"UDP Query User{B867FF5C-A40A-4324-80DE-7DE8279E5204}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe |
"UDP Query User{FA559B82-DD27-4436-BC9A-63626A0B79A2}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029CA27F-8D5C-AC3C-319B-FA50664CE9F9}" = AMD Catalyst Install Manager
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975352A0-948D-D5C7-A07E-24B970EDF2A9}" = ccc-utility64
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CD763F71-AA9E-5124-94CE-03730E766067}" = AMD Media Foundation Decoders
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 10.6.8.1_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{073AB2D7-2B91-D6FF-FE7E-86BF8A7BFBD0}" = CCC Help Hungarian
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{1342B867-AF20-CAB4-5933-118771F81A1B}" = CCC Help Dutch
"{136AF185-A315-345C-4FB8-579F893C3C89}" = CCC Help Greek
"{1816F8CA-43E0-1A7E-86A2-9A29128D2D16}" = Catalyst Control Center InstallProxy
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{204A6124-5CC2-3DAD-9BF0-576C315FF82A}" = CCC Help English
"{2250E769-2D53-80A5-3AF4-07960E1C0BF6}" = CCC Help French
"{27A2CE49-B8FE-40EB-57BF-DD63554ED30D}" = CCC Help Czech
"{31CB830F-FDD6-24DF-EBA2-CF1AEF4F4E4F}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E9EEE15-2E4A-82E8-5BD2-D417E771916B}" = CCC Help Swedish
"{400639AE-E3A0-8B24-5522-80ED9E5546EA}" = CCC Help Japanese
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{45C164A8-E43E-4E1C-B532-C49729ACEDFE}" = Catalyst Control Center - Branding
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4DF4B93E-8A95-4DA0-DEE0-33537DFE5A48}" = CCC Help Thai
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{563C0A16-FCB5-DA60-D5CF-B0E22F7D325A}" = CCC Help Danish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59AAF033-AD0C-F8FA-9C49-AE4FAE1ECF2C}" = CCC Help Norwegian
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{608363EA-6216-B6FB-F870-196A491A0B37}" = CCC Help Russian
"{616A0B52-7317-4293-90C9-1E4A793F4BC2}" = Alcor Micro USB Card Reader
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68559D97-71AF-B70D-2FC1-45370BEE892C}" = AMD VISION Engine Control Center
"{6A8A32FC-C798-3979-EB3A-7FD7A7977ECE}" = CCC Help Chinese Standard
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738E7C33-0368-F7AF-F3D3-0B7D6FCB8CFB}" = CCC Help Polish
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF66E73-B760-4A07-276D-C5FAA401BB54}" = CCC Help Finnish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DBFF182-AE53-88AC-1F65-180130C4170B}" = CCC Help German
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96C52203-0162-677C-3F90-26AACF07FC63}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78796A8-3827-B1B9-6BB8-06165C809174}" = CCC Help Portuguese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B07388F8-772A-8E09-8FD7-C9839EB70B18}" = CCC Help Turkish
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C24C19AA-8612-9FB6-6EAC-BCC4DF33D92C}" = CCC Help Korean
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8C69122-5544-6914-BFF2-EF8D286F0957}" = Catalyst Control Center Localization All
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E68849B1-62A5-C4DD-0450-EF36C21FEDA3}" = CCC Help Spanish
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{FABC08FE-E097-CEFB-2C37-8D53FC9FBDA9}" = CCC Help Chinese Traditional
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"AmUStor" = Alcor Micro USB Card Reader
"DFX" = DFX
"ERUNT_is1" = ERUNT 1.1j
"Freemake Video Downloader_is1" = Freemake Video Downloader
"Identity Card" = Identity Card
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.2.0 Basic
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/3/2014 10:22:39 PM | Computer Name = yuanshen | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 1/3/2014 10:48:31 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

Error - 1/3/2014 10:57:05 PM | Computer Name = yuanshen | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 1/3/2014 11:04:52 PM | Computer Name = yuanshen | Source = ESENT | ID = 489
Description = taskhost (380) An attempt to open the file "C:\Users\healing41\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 1/4/2014 12:11:13 AM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

Error - 1/4/2014 12:19:57 AM | Computer Name = yuanshen | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 1/4/2014 2:39:36 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

Error - 1/4/2014 10:20:14 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

Error - 1/4/2014 10:38:09 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

Error - 1/5/2014 1:00:54 AM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

Error - 1/5/2014 1:04:15 AM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 10/18/2013 9:52:19 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 6:52:18 AM - Error connecting to the internet. 6:52:18 AM - Unable
to contact server..

Error - 10/23/2013 9:46:26 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 6:46:26 AM - Error connecting to the internet. 6:46:26 AM - Unable
to contact server..

Error - 10/28/2013 6:19:40 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 3:19:39 AM - Error connecting to the internet. 3:19:39 AM - Unable
to contact server..

Error - 11/2/2013 5:01:59 PM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:01:58 PM - Error connecting to the internet. 2:01:59 PM - Unable
to contact server..

Error - 11/7/2013 6:12:57 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:12:56 AM - Error connecting to the internet. 2:12:56 AM - Unable
to contact server..

Error - 11/12/2013 6:06:05 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:06:05 AM - Error connecting to the internet. 2:06:05 AM - Unable
to contact server..

Error - 11/17/2013 6:35:18 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:35:17 AM - Error connecting to the internet. 2:35:17 AM - Unable
to contact server..

Error - 11/22/2013 6:34:10 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:34:10 AM - Error connecting to the internet. 2:34:10 AM - Unable
to contact server..

Error - 11/27/2013 6:21:09 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:21:08 AM - Error connecting to the internet. 2:21:08 AM - Unable
to contact server..

Error - 12/3/2013 12:57:20 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 8:57:19 PM - Error connecting to the internet. 8:57:19 PM - Unable
to contact server..

[ Spybot - Search and Destroy Events ]
Error - 4/27/2013 2:03:27 PM | Computer Name = yuanshen | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 4/27/2013 2:04:45 PM | Computer Name = yuanshen | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 4/27/2013 2:05:30 PM | Computer Name = yuanshen | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 4/27/2013 2:06:12 PM | Computer Name = yuanshen | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/17/2013 7:50:17 PM | Computer Name = yuanshen | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:55:28 PM | Computer Name = yuanshen | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80071a30: Security Update for Windows 7 for x64-based Systems (KB2862330).


< End of report >

healing41
2014-03-07, 14:50
OTL Extras logfile created on: 2/11/2014 2:34:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\14healing\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.73 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 47.22% Memory free
1.73 Gb Paging File | 0.74 Gb Available in Paging File | 42.66% Paging File free
Paging file location(s):

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 6.13 Gb Free Space | 2.15% Space Free | Partition Type: NTFS

Computer Name: YUANSHEN | User Name: 14daminute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E230BC5-4184-49EB-A4F4-2149DB8AC3D1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{44A11808-7B22-4777-B224-E6928894CDB3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{147778F5-D027-46F9-BDA2-C3FF2DC164F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{220ADB7E-8E25-4617-9B0B-70CCCBB9D17C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E62FBDF-AFC6-486C-85BF-39297933A7BF}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{758C2AFA-B40D-45A4-BBBF-303B1D22B85B}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{792F43DD-F548-48A6-B915-554DFC1E252D}" = protocol=6 | dir=in | app=c:\program files (x86)\freemake\freemake video downloader\freemakevideodownloader.exe |
"{8326FFC5-5E57-422D-AE35-9BCF2CF7F372}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{843473EC-D779-4B2F-A377-EF42B7C61BBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{89CF957B-E1CA-4C5E-A8DA-5CAE890E9354}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8E7EBD81-ED0E-4312-ABF5-A6A8CB6A8D1E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9DDDEB42-CDB1-4E38-81DF-7CDBE13CA3E7}" = protocol=6 | dir=in | app=d:\wininit.exe |
"{B1E7F81D-C534-4033-BFEE-045A089297BF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EA02E049-8693-494E-8A98-D9CB2BE5B417}" = protocol=17 | dir=in | app=c:\program files (x86)\freemake\freemake video downloader\freemakevideodownloader.exe |
"{EF638B55-38BD-416A-8F5D-3942E8F9105C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{FE171D3A-071C-4937-872E-7ABCED7740E5}" = protocol=17 | dir=in | app=d:\wininit.exe |
"TCP Query User{02445C78-14D7-49AA-9273-819E9B61E9BD}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe |
"TCP Query User{5AC3BDEC-30F0-42DB-BB08-749D57928CAD}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe |
"UDP Query User{B867FF5C-A40A-4324-80DE-7DE8279E5204}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe |
"UDP Query User{FA559B82-DD27-4436-BC9A-63626A0B79A2}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029CA27F-8D5C-AC3C-319B-FA50664CE9F9}" = AMD Catalyst Install Manager
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975352A0-948D-D5C7-A07E-24B970EDF2A9}" = ccc-utility64
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CD763F71-AA9E-5124-94CE-03730E766067}" = AMD Media Foundation Decoders
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 10.6.8.1_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{073AB2D7-2B91-D6FF-FE7E-86BF8A7BFBD0}" = CCC Help Hungarian
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{1342B867-AF20-CAB4-5933-118771F81A1B}" = CCC Help Dutch
"{136AF185-A315-345C-4FB8-579F893C3C89}" = CCC Help Greek
"{1816F8CA-43E0-1A7E-86A2-9A29128D2D16}" = Catalyst Control Center InstallProxy
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{204A6124-5CC2-3DAD-9BF0-576C315FF82A}" = CCC Help English
"{2250E769-2D53-80A5-3AF4-07960E1C0BF6}" = CCC Help French
"{27A2CE49-B8FE-40EB-57BF-DD63554ED30D}" = CCC Help Czech
"{31CB830F-FDD6-24DF-EBA2-CF1AEF4F4E4F}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E9EEE15-2E4A-82E8-5BD2-D417E771916B}" = CCC Help Swedish
"{400639AE-E3A0-8B24-5522-80ED9E5546EA}" = CCC Help Japanese
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{45C164A8-E43E-4E1C-B532-C49729ACEDFE}" = Catalyst Control Center - Branding
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4DF4B93E-8A95-4DA0-DEE0-33537DFE5A48}" = CCC Help Thai
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{563C0A16-FCB5-DA60-D5CF-B0E22F7D325A}" = CCC Help Danish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59AAF033-AD0C-F8FA-9C49-AE4FAE1ECF2C}" = CCC Help Norwegian
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{608363EA-6216-B6FB-F870-196A491A0B37}" = CCC Help Russian
"{616A0B52-7317-4293-90C9-1E4A793F4BC2}" = Alcor Micro USB Card Reader
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68559D97-71AF-B70D-2FC1-45370BEE892C}" = AMD VISION Engine Control Center
"{6A8A32FC-C798-3979-EB3A-7FD7A7977ECE}" = CCC Help Chinese Standard
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738E7C33-0368-F7AF-F3D3-0B7D6FCB8CFB}" = CCC Help Polish
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF66E73-B760-4A07-276D-C5FAA401BB54}" = CCC Help Finnish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DBFF182-AE53-88AC-1F65-180130C4170B}" = CCC Help German
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96C52203-0162-677C-3F90-26AACF07FC63}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78796A8-3827-B1B9-6BB8-06165C809174}" = CCC Help Portuguese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B07388F8-772A-8E09-8FD7-C9839EB70B18}" = CCC Help Turkish
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C24C19AA-8612-9FB6-6EAC-BCC4DF33D92C}" = CCC Help Korean
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8C69122-5544-6914-BFF2-EF8D286F0957}" = Catalyst Control Center Localization All
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E68849B1-62A5-C4DD-0450-EF36C21FEDA3}" = CCC Help Spanish
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{FABC08FE-E097-CEFB-2C37-8D53FC9FBDA9}" = CCC Help Chinese Traditional
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"AmUStor" = Alcor Micro USB Card Reader
"DFX" = DFX
"ERUNT_is1" = ERUNT 1.1j
"Freemake Video Downloader_is1" = Freemake Video Downloader
"Identity Card" = Identity Card
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.2.0 Basic
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/3/2014 10:22:39 PM | Computer Name = yuanshen | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 1/3/2014 10:48:31 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

Error - 1/3/2014 10:57:05 PM | Computer Name = yuanshen | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 1/3/2014 11:04:52 PM | Computer Name = yuanshen | Source = ESENT | ID = 489
Description = taskhost (380) An attempt to open the file "C:\Users\healing41\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 1/4/2014 12:11:13 AM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

Error - 1/4/2014 12:19:57 AM | Computer Name = yuanshen | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 1/4/2014 2:39:36 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

Error - 1/4/2014 10:20:14 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

Error - 1/4/2014 10:38:09 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

Error - 1/5/2014 1:00:54 AM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

Error - 1/5/2014 1:04:15 AM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 10/18/2013 9:52:19 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 6:52:18 AM - Error connecting to the internet. 6:52:18 AM - Unable
to contact server..

Error - 10/23/2013 9:46:26 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 6:46:26 AM - Error connecting to the internet. 6:46:26 AM - Unable
to contact server..

Error - 10/28/2013 6:19:40 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 3:19:39 AM - Error connecting to the internet. 3:19:39 AM - Unable
to contact server..

Error - 11/2/2013 5:01:59 PM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:01:58 PM - Error connecting to the internet. 2:01:59 PM - Unable
to contact server..

Error - 11/7/2013 6:12:57 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:12:56 AM - Error connecting to the internet. 2:12:56 AM - Unable
to contact server..

Error - 11/12/2013 6:06:05 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:06:05 AM - Error connecting to the internet. 2:06:05 AM - Unable
to contact server..

Error - 11/17/2013 6:35:18 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:35:17 AM - Error connecting to the internet. 2:35:17 AM - Unable
to contact server..

Error - 11/22/2013 6:34:10 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:34:10 AM - Error connecting to the internet. 2:34:10 AM - Unable
to contact server..

Error - 11/27/2013 6:21:09 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:21:08 AM - Error connecting to the internet. 2:21:08 AM - Unable
to contact server..

Error - 12/3/2013 12:57:20 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 8:57:19 PM - Error connecting to the internet. 8:57:19 PM - Unable
to contact server..

[ Spybot - Search and Destroy Events ]
Error - 4/27/2013 2:03:27 PM | Computer Name = yuanshen | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 4/27/2013 2:04:45 PM | Computer Name = yuanshen | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 4/27/2013 2:05:30 PM | Computer Name = yuanshen | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 4/27/2013 2:06:12 PM | Computer Name = yuanshen | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/17/2013 7:50:17 PM | Computer Name = yuanshen | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 2/11/2014 5:55:28 PM | Computer Name = yuanshen | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80071a30: Security Update for Windows 7 for x64-based Systems (KB2862330).


< End of report >

OCD
2014-03-07, 17:33
Hi healing41,

Please be sure to read through the instructions completely when posting logs. I see you have OTL installed, we can use that program to remove the malware. You don't need to post the FRST logs (FRST.tx & Addition.txt). In the future, if the logs are too big to post just split them into separate replies.

Your aswMBR log should be on your desktop as aswMBR.txt, please post that file. (do not zip that file)

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) AdwCleaner v3: Scan & Clean (http://www.bleepingcomputer.com/download/adwcleaner/)

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Junkware Removal Tool

Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Reboot

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run OTL (it should be located on your desktop).


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:

AdwCleaner[S0].txt
JRT.txt
Fresh OTL.txt
What symptoms are you experiencing?

healing41
2014-03-08, 03:51
OTL logfile created on: 3/7/2014 4:49:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\14daminute\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.73 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 52.14% Memory free
3.68 Gb Paging File | 2.59 Gb Available in Paging File | 70.38% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2500

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 25.13 Gb Free Space | 8.82% Space Free | Partition Type: NTFS

Computer Name: YUANSHEN | User Name: 14daminute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/07 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/11/13 13:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2010/01/29 15:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/13 13:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 13:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 13:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 13:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 13:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl


========== Services (SafeList) ==========

SRV:[b]64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2012/02/07 16:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/10/26 02:01:00 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/03/23 01:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/29 15:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/05 12:36:26 | 004,726,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/06/20 17:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/30 00:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/02/11 19:59:57 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2012/08/29 09:46:14 | 000,028,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dfx11_1x64.sys -- (DFX11_1)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 11:00:56 | 000,206,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/12/04 22:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/11/23 07:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/10/28 03:41:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/10/28 03:41:26 | 000,080,512 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/10/26 03:05:12 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/26 01:22:00 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/25 06:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/10/25 06:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/10/25 05:09:20 | 000,081,496 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/07/13 21:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 21:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/02/15 03:44:27 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Unknown] -- C:\Windows\SysWOW64\drivers\Partizan.sys -- (Partizan)
DRV - [2013/08/27 14:37:50 | 000,028,656 | ---- | M] (Systems Internals) [Kernel | On_Demand | Stopped] -- C:\Users\Public\Music\Music\COMPUTER\SysinternalsSuite\PORTMSYS.SYS -- (PORTMON)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\14daminute\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 8B EA B6 85 36 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {87BD924A-D432-47A2-A632-96AA9A3A4574}
IE - HKCU\..\SearchScopes\{002F1684-F771-48FE-80BC-2191F7AA69E4}: "URL" = http://www.ted.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{5E80220D-238A-4244-A118-692E140984F5}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{87BD924A-D432-47A2-A632-96AA9A3A4574}: "URL" = http://www.bing.com/search?FORM=UP75DF&PC=UP75&dt=042213&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)



O1 HOSTS File: ([2013/07/28 00:01:48 | 000,881,672 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ___id___.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 0.r.msn.com
O1 - Hosts: 127.0.0.1 005.free-counter.co.uk
O1 - Hosts: 127.0.0.1 006.free-counter.co.uk
O1 - Hosts: 127.0.0.1 007.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counters.co.uk
O1 - Hosts: 127.0.0.1 00fun.com
O1 - Hosts: 127.0.0.1 011707160008.c.mystat-in.net
O1 - Hosts: 127.0.0.1 061606084448.c.mystat-in.net
O1 - Hosts: 127.0.0.1 070806142521.c.mystat-in.net
O1 - Hosts: 127.0.0.1 090906042103.c.mystat-in.net
O1 - Hosts: 127.0.0.1 092706152958.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0d7292.r.axf8.net
O1 - Hosts: 127.0.0.1 0f36f3.r.axf8.net
O1 - Hosts: 127.0.0.1 1.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 1.googlenews.xorg.pl
O1 - Hosts: 127.0.0.1 1.hot-dances.com
O1 - Hosts: 127.0.0.1 1.ofsnetwork.com
O1 - Hosts: 127.0.0.1 1.oz-over.com
O1 - Hosts: 127.0.0.1 1.sharkadnetwork.com
O1 - Hosts: 127.0.0.1 100.mbn.com.ua
O1 - Hosts: 29100 more lines...
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF48A53D-188E-4F31-9EAC-905D29793A76} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98462B45-E612-4FAF-B7CD-8A39F1B1FE69}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB506A23-32AD-42A6-8F0C-43067F3D3CDA}: DhcpNameServer = 192.168.14.1 66.233.127.12
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (on\E)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/07 16:25:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
[2014/03/07 14:22:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/07 02:07:55 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RO2GNKV
[2014/03/07 02:05:57 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RL5HBKR
[2014/03/05 19:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/03/05 13:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/03/05 13:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/03/05 13:13:04 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2014/03/05 13:13:02 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/03/05 13:13:01 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/03/05 13:13:01 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/03/05 13:13:01 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/03/05 13:12:56 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/03/05 13:12:55 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2014/03/05 13:12:55 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2014/03/05 13:12:54 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/03/05 13:12:54 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2014/03/05 13:12:54 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/03/05 13:12:53 | 002,393,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/03/05 13:12:52 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/03/05 13:12:50 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/03/05 13:12:49 | 003,049,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/03/05 13:12:48 | 000,648,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/03/05 13:12:47 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/03/05 13:12:47 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/03/05 13:12:46 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/03/05 13:12:46 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/03/05 13:12:43 | 001,242,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/03/05 13:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/03/05 13:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/03/05 13:12:41 | 001,004,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/03/05 13:12:41 | 000,085,096 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2014/03/05 13:12:38 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/03/05 13:12:38 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/03/05 13:12:37 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/03/05 13:12:37 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/03/05 13:12:37 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/03/05 13:12:35 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/03/05 13:12:34 | 002,238,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2014/03/05 13:12:33 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2014/03/05 13:12:33 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/03/05 13:12:33 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/03/05 13:12:12 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/03/05 13:12:11 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/03/05 13:12:11 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/03/05 13:12:11 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/03/05 13:12:10 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/03/05 13:12:10 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/03/05 13:12:09 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/03/05 13:12:09 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/03/05 13:12:09 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/03/05 13:12:09 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/03/05 13:12:09 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/03/05 13:12:08 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/03/05 13:12:08 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/03/05 13:12:06 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/03/05 13:12:06 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/03/05 13:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/03/05 13:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\ATI
[2014/03/05 13:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\ATI
[2014/03/05 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\InstallShield
[2014/03/03 22:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/03/03 22:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/27 14:11:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/02/17 10:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/02/17 10:20:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2014/02/17 10:20:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2014/02/17 10:20:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2014/02/17 10:20:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2014/02/17 10:20:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2014/02/17 10:20:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\5aSkPlay_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\5aSkPlay_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\deal spy-bg_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\deal spy-bg_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\5aSkPlay_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\5aSkPlay_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\deal spy-bg_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\deal spy-bg_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deal Spy_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deal Spy_RASMANCS



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoCB5C.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD629.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF1AF.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\14daminute\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\14daminute\appdata\locallow\whitesmoke_new"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\14daminute\appdata\local\{02B511D3-DAED-4B84-AFC9-25BE268FC1CA}
Successfully deleted: [Empty Folder] C:\Users\14daminute\appdata\local\{03285805-EE99-4F65-9E93-E9CA2BC6070D}
Successfully deleted: [Empty Folder] C:\Users\14daminute\appdata\local\{21D5288B-A500-4FFE-81C7-12C41BE82388}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/07/2014 at 14:40:22.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

healing41
2014-03-08, 04:02
OTL logfile created on: 3/7/2014 4:49:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\14daminute\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.73 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 52.14% Memory free
3.68 Gb Paging File | 2.59 Gb Available in Paging File | 70.38% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2500

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 25.13 Gb Free Space | 8.82% Space Free | Partition Type: NTFS

Computer Name: YUANSHEN | User Name: 14daminute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/07 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/11/13 13:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2010/01/29 15:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/13 13:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 13:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 13:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 13:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 13:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl


========== Services (SafeList) ==========

SRV:[b]64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2012/02/07 16:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/10/26 02:01:00 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/03/23 01:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/29 15:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/05 12:36:26 | 004,726,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/06/20 17:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/30 00:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/02/11 19:59:57 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2012/08/29 09:46:14 | 000,028,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dfx11_1x64.sys -- (DFX11_1)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 11:00:56 | 000,206,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/12/04 22:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/11/23 07:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/10/28 03:41:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/10/28 03:41:26 | 000,080,512 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/10/26 03:05:12 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/26 01:22:00 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/25 06:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/10/25 06:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/10/25 05:09:20 | 000,081,496 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/07/13 21:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 21:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/02/15 03:44:27 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Unknown] -- C:\Windows\SysWOW64\drivers\Partizan.sys -- (Partizan)
DRV - [2013/08/27 14:37:50 | 000,028,656 | ---- | M] (Systems Internals) [Kernel | On_Demand | Stopped] -- C:\Users\Public\Music\Music\COMPUTER\SysinternalsSuite\PORTMSYS.SYS -- (PORTMON)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\14daminute\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 8B EA B6 85 36 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {87BD924A-D432-47A2-A632-96AA9A3A4574}
IE - HKCU\..\SearchScopes\{002F1684-F771-48FE-80BC-2191F7AA69E4}: "URL" = http://www.ted.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{5E80220D-238A-4244-A118-692E140984F5}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{87BD924A-D432-47A2-A632-96AA9A3A4574}: "URL" = http://www.bing.com/search?FORM=UP75DF&PC=UP75&dt=042213&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)



O1 HOSTS File: ([2013/07/28 00:01:48 | 000,881,672 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ___id___.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 0.r.msn.com
O1 - Hosts: 127.0.0.1 005.free-counter.co.uk
O1 - Hosts: 127.0.0.1 006.free-counter.co.uk
O1 - Hosts: 127.0.0.1 007.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counters.co.uk
O1 - Hosts: 127.0.0.1 00fun.com
O1 - Hosts: 127.0.0.1 011707160008.c.mystat-in.net
O1 - Hosts: 127.0.0.1 061606084448.c.mystat-in.net
O1 - Hosts: 127.0.0.1 070806142521.c.mystat-in.net
O1 - Hosts: 127.0.0.1 090906042103.c.mystat-in.net
O1 - Hosts: 127.0.0.1 092706152958.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0d7292.r.axf8.net
O1 - Hosts: 127.0.0.1 0f36f3.r.axf8.net
O1 - Hosts: 127.0.0.1 1.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 1.googlenews.xorg.pl
O1 - Hosts: 127.0.0.1 1.hot-dances.com
O1 - Hosts: 127.0.0.1 1.ofsnetwork.com
O1 - Hosts: 127.0.0.1 1.oz-over.com
O1 - Hosts: 127.0.0.1 1.sharkadnetwork.com
O1 - Hosts: 127.0.0.1 100.mbn.com.ua
O1 - Hosts: 29100 more lines...
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF48A53D-188E-4F31-9EAC-905D29793A76} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98462B45-E612-4FAF-B7CD-8A39F1B1FE69}: NameServer = 8.8.8.8,8.8.4.4

healing41
2014-03-08, 04:03
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB506A23-32AD-42A6-8F0C-43067F3D3CDA}: DhcpNameServer = 192.168.14.1 66.233.127.12
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (on\E)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/07 16:25:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
[2014/03/07 14:22:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/07 02:07:55 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RO2GNKV
[2014/03/07 02:05:57 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RL5HBKR
[2014/03/05 19:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/03/05 13:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/03/05 13:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/03/05 13:13:04 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2014/03/05 13:13:02 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/03/05 13:13:01 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/03/05 13:13:01 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/03/05 13:13:01 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/03/05 13:12:56 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/03/05 13:12:55 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2014/03/05 13:12:55 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2014/03/05 13:12:54 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/03/05 13:12:54 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2014/03/05 13:12:54 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/03/05 13:12:53 | 002,393,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/03/05 13:12:52 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/03/05 13:12:50 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/03/05 13:12:49 | 003,049,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/03/05 13:12:48 | 000,648,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/03/05 13:12:47 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/03/05 13:12:47 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/03/05 13:12:46 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/03/05 13:12:46 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/03/05 13:12:43 | 001,242,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/03/05 13:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/03/05 13:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/03/05 13:12:41 | 001,004,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/03/05 13:12:41 | 000,085,096 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2014/03/05 13:12:38 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/03/05 13:12:38 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/03/05 13:12:37 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/03/05 13:12:37 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/03/05 13:12:37 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/03/05 13:12:35 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/03/05 13:12:34 | 002,238,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2014/03/05 13:12:33 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2014/03/05 13:12:33 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/03/05 13:12:33 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/03/05 13:12:12 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/03/05 13:12:11 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/03/05 13:12:11 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/03/05 13:12:11 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/03/05 13:12:10 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/03/05 13:12:10 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/03/05 13:12:09 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/03/05 13:12:09 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/03/05 13:12:09 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/03/05 13:12:09 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/03/05 13:12:09 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/03/05 13:12:08 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/03/05 13:12:08 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/03/05 13:12:06 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/03/05 13:12:06 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/03/05 13:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/03/05 13:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\ATI
[2014/03/05 13:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\ATI
[2014/03/05 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\InstallShield
[2014/03/03 22:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/03/03 22:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/27 14:11:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/02/17 10:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/02/17 10:20:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2014/02/17 10:20:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2014/02/17 10:20:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2014/02/17 10:20:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2014/02/17 10:20:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2014/02/17 10:20:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2014/02/17 10:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/02/17 09:38:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/15 05:27:48 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/02/15 05:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/02/15 05:27:28 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll
[2014/02/15 03:53:57 | 000,040,720 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2014/02/15 03:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2014/02/15 03:44:27 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2014/02/15 03:44:09 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Documents\RegRun2
[2014/02/15 03:44:07 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2014/02/15 03:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2014/02/15 03:44:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2014/02/15 03:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2014/02/15 03:03:19 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/15 03:01:34 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/15 03:01:34 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/15 03:01:32 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/15 03:01:32 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/15 03:01:30 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/15 03:01:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/15 03:01:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/15 03:01:27 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/15 03:01:26 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/15 03:01:26 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/15 03:01:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/15 03:01:25 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/15 03:01:25 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/15 03:01:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/15 03:01:25 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/15 03:01:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/15 03:01:22 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/15 03:01:22 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/15 03:01:21 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/15 03:01:21 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/15 03:01:15 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/15 03:01:14 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/15 03:01:03 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/14 23:00:20 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/14 20:54:10 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/02/14 20:54:10 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/02/14 20:54:02 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/02/14 20:54:02 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/02/14 20:54:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/02/14 20:54:00 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/02/14 20:54:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/02/14 20:54:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/02/14 20:54:00 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/02/14 20:53:59 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/02/14 20:53:59 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/02/14 20:53:59 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/02/14 20:53:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/02/14 20:53:59 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/02/14 20:53:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/02/14 20:53:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/02/14 20:53:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/02/14 20:53:58 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/02/14 20:53:57 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/02/14 20:53:57 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/02/14 20:53:57 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/02/14 20:53:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/02/14 20:53:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/02/14 20:53:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/02/14 20:53:56 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/02/14 20:53:56 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/02/14 20:53:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/02/14 20:53:55 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/02/14 20:53:55 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/02/14 20:53:55 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/02/14 20:53:54 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/02/14 20:53:54 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/02/14 20:53:54 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/02/14 20:53:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/02/14 20:53:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/02/14 20:53:53 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/02/14 20:53:53 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/02/14 20:53:53 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/02/14 20:53:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/02/14 20:53:53 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/02/14 20:53:52 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/02/14 20:53:52 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/02/14 20:53:52 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/02/14 20:53:52 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/02/14 20:53:52 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/02/14 20:53:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/02/14 20:53:52 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/02/14 20:53:51 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/02/14 20:53:51 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/02/14 20:53:50 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/02/14 20:53:50 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/02/14 20:53:50 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/02/14 20:53:50 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/02/14 20:53:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/02/14 20:53:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/02/14 20:53:50 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/02/14 20:50:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/02/14 20:50:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/02/14 20:50:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/02/14 20:50:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/02/14 20:50:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2014/02/14 20:50:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2014/02/14 20:50:05 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2014/02/14 20:50:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/02/14 20:50:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/02/14 20:50:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/02/14 20:50:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/02/14 20:50:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/02/14 20:50:04 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2014/02/14 20:50:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2014/02/14 20:50:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2014/02/14 20:50:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/02/14 20:50:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/02/14 20:50:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/02/14 20:50:03 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/02/14 20:50:03 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/02/14 20:50:03 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/02/14 20:50:03 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2014/02/14 20:50:02 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/02/14 20:50:01 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/02/14 20:50:01 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/02/14 19:37:50 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2014/02/14 17:23:19 | 004,911,888 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2014/02/14 16:26:29 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\LavasoftStatistics
[2014/02/14 15:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/02/13 22:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/13 22:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/02/13 22:33:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/13 22:33:29 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/13 22:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/13 22:33:12 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/13 22:33:12 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/13 22:33:12 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/13 22:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/02/13 15:12:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/13 15:12:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/13 15:12:11 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/13 15:12:10 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/13 15:12:10 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/13 15:12:09 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/13 15:12:09 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/13 15:12:08 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/13 15:12:08 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/13 15:12:07 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/13 15:12:07 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/13 15:12:06 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/13 15:12:06 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/13 15:12:06 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/13 15:12:05 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/13 15:12:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/13 15:12:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/13 15:12:05 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/13 15:12:04 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/13 15:11:55 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/02/13 15:11:54 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/02/13 15:11:32 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/13 15:11:31 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/13 15:09:30 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/02/12 13:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/02/12 13:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/02/11 21:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/02/11 21:18:55 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/11 21:18:49 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\mbar
[2014/02/11 19:18:51 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\Macromedia
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/07 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
[2014/03/07 16:11:56 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/07 16:11:56 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/07 16:08:52 | 000,783,376 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/07 16:08:52 | 000,663,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/07 16:08:52 | 000,122,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/07 16:04:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/07 16:04:26 | 1391,484,928 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/07 16:04:25 | 000,000,244 | ---- | M] () -- C:\Windows\SysWow64\PARTIZAL.EXE
[2014/03/07 04:54:00 | 000,023,557 | ---- | M] () -- C:\Users\14daminute\Desktop\FRST (2).zip
[2014/03/07 04:09:19 | 000,023,557 | ---- | M] () -- C:\Users\14daminute\Desktop\FRST.zip
[2014/03/07 02:50:08 | 000,090,703 | ---- | M] () -- C:\Users\14daminute\Desktop\TeamSpybot-20140306-233401.zip
[2014/03/06 23:34:02 | 000,101,284 | ---- | M] () -- C:\Users\14daminute\Desktop\Desktop-20140306-233401.png
[2014/03/06 22:00:15 | 000,000,565 | ---- | M] () -- C:\Users\14daminute\Desktop\mbr.dat.zip
[2014/03/06 21:11:36 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/05 19:52:31 | 000,002,883 | ---- | M] () -- C:\Users\14daminute\Desktop\$RL5HBKR.zip
[2014/03/05 19:14:36 | 000,000,897 | ---- | M] () -- C:\Users\14daminute\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2014/03/05 19:14:35 | 000,000,873 | ---- | M] () -- C:\Users\14daminute\Desktop\ERUNT.lnk
[2014/03/05 12:42:27 | 002,601,816 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2014/03/05 12:42:24 | 000,518,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/03/05 12:42:24 | 000,155,888 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/03/05 12:42:23 | 000,211,184 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/03/05 12:42:23 | 000,198,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/03/05 12:42:18 | 000,121,744 | ---- | M] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/03/05 12:42:17 | 000,220,496 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2014/03/05 12:42:16 | 000,081,232 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2014/03/05 12:42:16 | 000,078,160 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2014/03/05 12:42:16 | 000,074,064 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/03/05 12:42:15 | 001,146,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/03/05 12:42:14 | 002,393,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/03/05 12:42:13 | 000,332,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/03/05 12:42:09 | 000,149,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/03/05 12:42:08 | 003,049,064 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/03/05 12:42:07 | 000,648,808 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/03/05 12:42:06 | 000,375,128 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/03/05 12:42:06 | 000,204,120 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/03/05 12:42:06 | 000,101,208 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/03/05 12:42:06 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/03/05 12:42:04 | 001,242,216 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/03/05 12:42:03 | 001,004,544 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/03/05 12:42:03 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/03/05 12:42:03 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/03/05 12:42:03 | 000,085,096 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2014/03/05 12:41:55 | 000,334,680 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/03/05 12:41:54 | 002,238,296 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2014/03/05 12:41:53 | 002,197,264 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2014/03/05 12:41:52 | 000,341,336 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/03/05 12:41:52 | 000,318,808 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/03/05 12:41:30 | 002,075,712 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/03/05 12:41:30 | 000,475,752 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/03/05 12:41:29 | 001,327,208 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/03/05 12:41:29 | 000,491,112 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/03/05 12:41:28 | 001,179,752 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/03/05 12:41:28 | 000,317,032 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/03/05 12:41:28 | 000,269,928 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/03/05 12:41:27 | 000,266,856 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/03/05 12:41:27 | 000,126,056 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/03/05 12:41:27 | 000,125,544 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/03/05 12:41:27 | 000,125,032 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/03/05 12:41:26 | 001,111,656 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/03/05 12:41:26 | 000,504,936 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/03/05 12:41:24 | 000,200,800 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/03/05 12:41:24 | 000,108,960 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/03/05 12:40:20 | 000,042,510 | ---- | M] () -- C:\Windows\SysNative\drivers\RtPCEE4.DAT
[2014/03/05 12:40:19 | 000,247,560 | ---- | M] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat
[2014/03/05 12:40:19 | 000,039,672 | ---- | M] () -- C:\Windows\SysNative\drivers\RtPCEE3.DAT
[2014/03/05 12:40:19 | 000,001,448 | ---- | M] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat
[2014/03/05 12:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX3.dat
[2014/03/05 12:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX2.dat
[2014/03/05 12:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2014/03/05 12:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2014/03/05 12:40:19 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat
[2014/03/05 12:40:15 | 001,284,712 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2014/03/05 12:38:08 | 000,749,150 | ---- | M] () -- C:\Windows\SysNative\oem17.inf
[2014/03/05 12:36:30 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2014/03/05 12:36:27 | 000,095,544 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2014/03/05 12:36:26 | 004,726,336 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2014/03/05 12:36:26 | 003,955,000 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2014/03/05 12:36:26 | 003,620,152 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2014/03/03 17:39:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/03 17:39:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/27 15:01:03 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/20 16:54:56 | 000,000,824 | ---- | M] () -- C:\Users\14daminute\Documents\cc_20140220_165451.reg
[2014/02/20 16:54:15 | 000,009,778 | ---- | M] () -- C:\Users\14daminute\Documents\cc_20140220_165354.reg
[2014/02/18 15:29:01 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2014/02/18 15:29:01 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2014/02/18 15:29:01 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2014/02/18 15:28:54 | 000,000,911 | ---- | M] () -- C:\Users\14daminute\Desktop\UnHackMe.lnk
[2014/02/17 16:28:00 | 000,001,257 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/02/17 15:12:53 | 000,007,616 | ---- | M] () -- C:\Users\14daminute\AppData\Local\Resmon.ResmonCfg
[2014/02/17 03:03:20 | 000,775,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/15 05:52:50 | 000,000,089 | ---- | M] () -- C:\Windows\SysNative\Partizan.RRI
[2014/02/15 05:27:48 | 000,001,232 | ---- | M] () -- C:\Users\14daminute\Desktop\Revo Uninstaller.lnk
[2014/02/15 03:53:57 | 000,040,720 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2014/02/15 03:44:27 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2014/02/14 20:54:10 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/02/14 20:54:10 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/02/14 20:54:02 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/02/14 20:54:02 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/02/14 20:54:02 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/02/14 20:54:00 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/02/14 20:54:00 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/02/14 20:54:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/02/14 20:54:00 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/02/14 20:53:59 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/02/14 20:53:59 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/02/14 20:53:59 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/02/14 20:53:59 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/02/14 20:53:59 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/02/14 20:53:59 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/02/14 20:53:59 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/02/14 20:53:59 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/14 20:53:58 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/02/14 20:53:58 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/02/14 20:53:57 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/02/14 20:53:57 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/02/14 20:53:57 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/02/14 20:53:57 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/02/14 20:53:57 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/02/14 20:53:57 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/02/14 20:53:56 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/02/14 20:53:56 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/02/14 20:53:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/02/14 20:53:55 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/02/14 20:53:55 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/02/14 20:53:55 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/02/14 20:53:54 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/02/14 20:53:54 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/02/14 20:53:54 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/02/14 20:53:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/02/14 20:53:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/02/14 20:53:53 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/02/14 20:53:53 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/02/14 20:53:53 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/02/14 20:53:53 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/02/14 20:53:53 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/02/14 20:53:52 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/02/14 20:53:52 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/02/14 20:53:52 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/02/14 20:53:52 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/02/14 20:53:52 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/02/14 20:53:52 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/02/14 20:53:52 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/02/14 20:53:52 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/14 20:53:51 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/02/14 20:53:51 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/02/14 20:53:51 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/02/14 20:53:50 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/02/14 20:53:50 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/02/14 20:53:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/02/14 20:53:50 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/02/14 20:53:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/02/14 20:53:50 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/02/14 17:22:46 | 004,911,888 | ---- | M] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2014/02/13 22:32:54 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/13 22:32:49 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/13 22:32:49 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/13 22:32:49 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/12 13:53:10 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/11 21:18:55 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/11 15:38:01 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/06 03:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 03:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 03:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 02:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 02:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 02:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 02:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 02:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 02:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 02:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 02:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 02:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 01:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 01:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 01:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 01:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 01:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 01:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 01:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 01:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 00:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 00:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/07 04:54:00 | 000,023,557 | ---- | C] () -- C:\Users\14daminute\Desktop\FRST (2).zip
[2014/03/07 04:09:19 | 000,023,557 | ---- | C] () -- C:\Users\14daminute\Desktop\FRST.zip
[2014/03/07 02:50:08 | 000,090,703 | ---- | C] () -- C:\Users\14daminute\Desktop\TeamSpybot-20140306-233401.zip
[2014/03/06 23:34:02 | 000,101,284 | ---- | C] () -- C:\Users\14daminute\Desktop\Desktop-20140306-233401.png
[2014/03/06 22:00:15 | 000,000,565 | ---- | C] () -- C:\Users\14daminute\Desktop\mbr.dat.zip
[2014/03/05 19:52:31 | 000,002,883 | ---- | C] () -- C:\Users\14daminute\Desktop\$RL5HBKR.zip
[2014/03/05 19:14:36 | 000,000,897 | ---- | C] () -- C:\Users\14daminute\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2014/03/05 19:14:35 | 000,000,873 | ---- | C] () -- C:\Users\14daminute\Desktop\ERUNT.lnk
[2014/03/05 13:09:54 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\PARTIZAL.EXE
[2014/03/05 12:38:24 | 000,749,150 | ---- | C] () -- C:\Windows\SysNative\oem17.inf
[2014/03/03 22:00:29 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/27 15:00:44 | 000,275,712 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/20 16:54:54 | 000,000,824 | ---- | C] () -- C:\Users\14daminute\Documents\cc_20140220_165451.reg
[2014/02/20 16:54:10 | 000,009,778 | ---- | C] () -- C:\Users\14daminute\Documents\cc_20140220_165354.reg
[2014/02/18 15:29:01 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2014/02/15 05:52:13 | 000,000,089 | ---- | C] () -- C:\Windows\SysNative\Partizan.RRI
[2014/02/15 05:27:48 | 000,001,232 | ---- | C] () -- C:\Users\14daminute\Desktop\Revo Uninstaller.lnk
[2014/02/15 03:44:19 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2014/02/15 03:44:19 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2014/02/15 03:44:07 | 000,000,911 | ---- | C] () -- C:\Users\14daminute\Desktop\UnHackMe.lnk
[2014/02/14 20:53:59 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/14 20:53:52 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/12 16:18:32 | 000,001,257 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/02/12 13:20:31 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/02/12 13:20:17 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/01/07 11:56:18 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/04/27 10:02:54 | 000,006,224 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/14 14:27:00 | 000,007,616 | ---- | C] () -- C:\Users\14daminute\AppData\Local\Resmon.ResmonCfg
[2013/02/16 07:44:06 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/24 12:20:17 | 000,775,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/26 13:48:23 | 000,020,448 | ---- | C] () -- C:\Users\14daminute\AppData\Roaming\UserTile.png
[2012/07/30 01:26:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/09 20:34:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

healing41
2014-03-08, 04:10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB506A23-32AD-42A6-8F0C-43067F3D3CDA}: DhcpNameServer = 192.168.14.1 66.233.127.12
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (on\E)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/07 16:25:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
[2014/03/07 14:22:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/07 02:07:55 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RO2GNKV
[2014/03/07 02:05:57 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RL5HBKR
[2014/03/05 19:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/03/05 13:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/03/05 13:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/03/05 13:13:04 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2014/03/05 13:13:02 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/03/05 13:13:01 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/03/05 13:13:01 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/03/05 13:13:01 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/03/05 13:12:56 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/03/05 13:12:55 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2014/03/05 13:12:55 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2014/03/05 13:12:54 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/03/05 13:12:54 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2014/03/05 13:12:54 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/03/05 13:12:53 | 002,393,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/03/05 13:12:52 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/03/05 13:12:50 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/03/05 13:12:49 | 003,049,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/03/05 13:12:48 | 000,648,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/03/05 13:12:47 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/03/05 13:12:47 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/03/05 13:12:46 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/03/05 13:12:46 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/03/05 13:12:43 | 001,242,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/03/05 13:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/03/05 13:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/03/05 13:12:41 | 001,004,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/03/05 13:12:41 | 000,085,096 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2014/03/05 13:12:38 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/03/05 13:12:38 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/03/05 13:12:37 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/03/05 13:12:37 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/03/05 13:12:37 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/03/05 13:12:35 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/03/05 13:12:34 | 002,238,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2014/03/05 13:12:33 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2014/03/05 13:12:33 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/03/05 13:12:33 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/03/05 13:12:12 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/03/05 13:12:11 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/03/05 13:12:11 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/03/05 13:12:11 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/03/05 13:12:10 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/03/05 13:12:10 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/03/05 13:12:09 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/03/05 13:12:09 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/03/05 13:12:09 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/03/05 13:12:09 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/03/05 13:12:09 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/03/05 13:12:08 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/03/05 13:12:08 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/03/05 13:12:06 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/03/05 13:12:06 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/03/05 13:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/03/05 13:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\ATI
[2014/03/05 13:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\ATI
[2014/03/05 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\InstallShield
[2014/03/03 22:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/03/03 22:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/27 14:11:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/02/17 10:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/02/17 10:20:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2014/02/17 10:20:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2014/02/17 10:20:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2014/02/17 10:20:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2014/02/17 10:20:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2014/02/17 10:20:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2014/02/17 10:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/02/17 09:38:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/15 05:27:48 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/02/15 05:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/02/15 05:27:28 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll
[2014/02/15 03:53:57 | 000,040,720 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2014/02/15 03:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2014/02/15 03:44:27 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2014/02/15 03:44:09 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Documents\RegRun2
[2014/02/15 03:44:07 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2014/02/15 03:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2014/02/15 03:44:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2014/02/15 03:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2014/02/15 03:03:19 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/15 03:01:34 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/15 03:01:34 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/15 03:01:32 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/15 03:01:32 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/15 03:01:30 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/15 03:01:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/15 03:01:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/15 03:01:27 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/15 03:01:26 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/15 03:01:26 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/15 03:01:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/15 03:01:25 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/15 03:01:25 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/15 03:01:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/15 03:01:25 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/15 03:01:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/15 03:01:22 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/15 03:01:22 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/15 03:01:21 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/15 03:01:21 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/15 03:01:15 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/15 03:01:14 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/15 03:01:03 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/14 23:00:20 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/14 20:54:10 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/02/14 20:54:10 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/02/14 20:54:02 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/02/14 20:54:02 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/02/14 20:54:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/02/14 20:54:00 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/02/14 20:54:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/02/14 20:54:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/02/14 20:54:00 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/02/14 20:53:59 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/02/14 20:53:59 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/02/14 20:53:59 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/02/14 20:53:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/02/14 20:53:59 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/02/14 20:53:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/02/14 20:53:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/02/14 20:53:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/02/14 20:53:58 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/02/14 20:53:57 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/02/14 20:53:57 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/02/14 20:53:57 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/02/14 20:53:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/02/14 20:53:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/02/14 20:53:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/02/14 20:53:56 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/02/14 20:53:56 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/02/14 20:53:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/02/14 20:53:55 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/02/14 20:53:55 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/02/14 20:53:55 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/02/14 20:53:54 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/02/14 20:53:54 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/02/14 20:53:54 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/02/14 20:53:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/02/14 20:53:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/02/14 20:53:53 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/02/14 20:53:53 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/02/14 20:53:53 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/02/14 20:53:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/02/14 20:53:53 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/02/14 20:53:52 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/02/14 20:53:52 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/02/14 20:53:52 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/02/14 20:53:52 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/02/14 20:53:52 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/02/14 20:53:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/02/14 20:53:52 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/02/14 20:53:51 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/02/14 20:53:51 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/02/14 20:53:50 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/02/14 20:53:50 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/02/14 20:53:50 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/02/14 20:53:50 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/02/14 20:53:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/02/14 20:53:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/02/14 20:53:50 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/02/14 20:50:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/02/14 20:50:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/02/14 20:50:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/02/14 20:50:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/02/14 20:50:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2014/02/14 20:50:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2014/02/14 20:50:05 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2014/02/14 20:50:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/02/14 20:50:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/02/14 20:50:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/02/14 20:50:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/02/14 20:50:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/02/14 20:50:04 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2014/02/14 20:50:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2014/02/14 20:50:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2014/02/14 20:50:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/02/14 20:50:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/02/14 20:50:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/02/14 20:50:03 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/02/14 20:50:03 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/02/14 20:50:03 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/02/14 20:50:03 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2014/02/14 20:50:02 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/02/14 20:50:01 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/02/14 20:50:01 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/02/14 19:37:50 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2014/02/14 17:23:19 | 004,911,888 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2014/02/14 16:26:29 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\LavasoftStatistics
[2014/02/14 15:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/02/13 22:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/13 22:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/02/13 22:33:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/13 22:33:29 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/13 22:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/13 22:33:12 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/13 22:33:12 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/13 22:33:12 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/13 22:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/02/13 15:12:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/13 15:12:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/13 15:12:11 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/13 15:12:10 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/13 15:12:10 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/13 15:12:09 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/13 15:12:09 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/13 15:12:08 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/13 15:12:08 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/13 15:12:07 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/13 15:12:07 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/13 15:12:06 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/13 15:12:06 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/13 15:12:06 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/13 15:12:05 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/13 15:12:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/13 15:12:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/13 15:12:05 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/13 15:12:04 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/13 15:11:55 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/02/13 15:11:54 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/02/13 15:11:32 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/13 15:11:31 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/13 15:09:30 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/02/12 13:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/02/12 13:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/02/11 21:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/02/11 21:18:55 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/11 21:18:49 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\mbar
[2014/02/11 19:18:51 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\Macromedia
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/07 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
[2014/03/07 16:11:56 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/07 16:11:56 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/07 16:08:52 | 000,783,376 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/07 16:08:52 | 000,663,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/07 16:08:52 | 000,122,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/07 16:04:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/07 16:04:26 | 1391,484,928 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/07 16:04:25 | 000,000,244 | ---- | M] () -- C:\Windows\SysWow64\PARTIZAL.EXE
[2014/03/07 04:54:00 | 000,023,557 | ---- | M] () -- C:\Users\14daminute\Desktop\FRST (2).zip
[2014/03/07 04:09:19 | 000,023,557 | ---- | M] () -- C:\Users\14daminute\Desktop\FRST.zip
[2014/03/07 02:50:08 | 000,090,703 | ---- | M] () -- C:\Users\14daminute\Desktop\TeamSpybot-20140306-233401.zip
[2014/03/06 23:34:02 | 000,101,284 | ---- | M] () -- C:\Users\14daminute\Desktop\Desktop-20140306-233401.png
[2014/03/06 22:00:15 | 000,000,565 | ---- | M] () -- C:\Users\14daminute\Desktop\mbr.dat.zip
[2014/03/06 21:11:36 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/05 19:52:31 | 000,002,883 | ---- | M] () -- C:\Users\14daminute\Desktop\$RL5HBKR.zip
[2014/03/05 19:14:36 | 000,000,897 | ---- | M] () -- C:\Users\14daminute\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2014/03/05 19:14:35 | 000,000,873 | ---- | M] () -- C:\Users\14daminute\Desktop\ERUNT.lnk
[2014/03/05 12:42:27 | 002,601,816 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2014/03/05 12:42:24 | 000,518,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/03/05 12:42:24 | 000,155,888 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/03/05 12:42:23 | 000,211,184 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/03/05 12:42:23 | 000,198,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/03/05 12:42:18 | 000,121,744 | ---- | M] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/03/05 12:42:17 | 000,220,496 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2014/03/05 12:42:16 | 000,081,232 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2014/03/05 12:42:16 | 000,078,160 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2014/03/05 12:42:16 | 000,074,064 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/03/05 12:42:15 | 001,146,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/03/05 12:42:14 | 002,393,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/03/05 12:42:13 | 000,332,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/03/05 12:42:09 | 000,149,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/03/05 12:42:08 | 003,049,064 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/03/05 12:42:07 | 000,648,808 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/03/05 12:42:06 | 000,375,128 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/03/05 12:42:06 | 000,204,120 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/03/05 12:42:06 | 000,101,208 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/03/05 12:42:06 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/03/05 12:42:04 | 001,242,216 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/03/05 12:42:03 | 001,004,544 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/03/05 12:42:03 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/03/05 12:42:03 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/03/05 12:42:03 | 000,085,096 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2014/03/05 12:41:55 | 000,334,680 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/03/05 12:41:54 | 002,238,296 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2014/03/05 12:41:53 | 002,197,264 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2014/03/05 12:41:52 | 000,341,336 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/03/05 12:41:52 | 000,318,808 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/03/05 12:41:30 | 002,075,712 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/03/05 12:41:30 | 000,475,752 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/03/05 12:41:29 | 001,327,208 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/03/05 12:41:29 | 000,491,112 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/03/05 12:41:28 | 001,179,752 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/03/05 12:41:28 | 000,317,032 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/03/05 12:41:28 | 000,269,928 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/03/05 12:41:27 | 000,266,856 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/03/05 12:41:27 | 000,126,056 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/03/05 12:41:27 | 000,125,544 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/03/05 12:41:27 | 000,125,032 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/03/05 12:41:26 | 001,111,656 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/03/05 12:41:26 | 000,504,936 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/03/05 12:41:24 | 000,200,800 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/03/05 12:41:24 | 000,108,960 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/03/05 12:40:20 | 000,042,510 | ---- | M] () -- C:\Windows\SysNative\drivers\RtPCEE4.DAT
[2014/03/05 12:40:19 | 000,247,560 | ---- | M] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat
[2014/03/05 12:40:19 | 000,039,672 | ---- | M] () -- C:\Windows\SysNative\drivers\RtPCEE3.DAT
[2014/03/05 12:40:19 | 000,001,448 | ---- | M] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat
[2014/03/05 12:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX3.dat
[2014/03/05 12:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX2.dat
[2014/03/05 12:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2014/03/05 12:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2014/03/05 12:40:19 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat
[2014/03/05 12:40:15 | 001,284,712 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2014/03/05 12:38:08 | 000,749,150 | ---- | M] () -- C:\Windows\SysNative\oem17.inf
[2014/03/05 12:36:30 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2014/03/05 12:36:27 | 000,095,544 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2014/03/05 12:36:26 | 004,726,336 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2014/03/05 12:36:26 | 003,955,000 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2014/03/05 12:36:26 | 003,620,152 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2014/03/03 17:39:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/03 17:39:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/27 15:01:03 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/20 16:54:56 | 000,000,824 | ---- | M] () -- C:\Users\14daminute\Documents\cc_20140220_165451.reg
[2014/02/20 16:54:15 | 000,009,778 | ---- | M] () -- C:\Users\14daminute\Documents\cc_20140220_165354.reg
[2014/02/18 15:29:01 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2014/02/18 15:29:01 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2014/02/18 15:29:01 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2014/02/18 15:28:54 | 000,000,911 | ---- | M] () -- C:\Users\14daminute\Desktop\UnHackMe.lnk
[2014/02/17 16:28:00 | 000,001,257 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/02/17 15:12:53 | 000,007,616 | ---- | M] () -- C:\Users\14daminute\AppData\Local\Resmon.ResmonCfg
[2014/02/17 03:03:20 | 000,775,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/15 05:52:50 | 000,000,089 | ---- | M] () -- C:\Windows\SysNative\Partizan.RRI
[2014/02/15 05:27:48 | 000,001,232 | ---- | M] () -- C:\Users\14daminute\Desktop\Revo Uninstaller.lnk
[2014/02/15 03:53:57 | 000,040,720 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2014/02/15 03:44:27 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2014/02/14 20:54:10 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/02/14 20:54:10 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/02/14 20:54:02 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/02/14 20:54:02 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/02/14 20:54:02 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/02/14 20:54:00 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/02/14 20:54:00 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/02/14 20:54:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/02/14 20:54:00 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/02/14 20:53:59 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/02/14 20:53:59 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/02/14 20:53:59 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/02/14 20:53:59 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/02/14 20:53:59 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/02/14 20:53:59 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/02/14 20:53:59 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/02/14 20:53:59 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/14 20:53:58 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/02/14 20:53:58 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/02/14 20:53:57 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/02/14 20:53:57 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/02/14 20:53:57 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/02/14 20:53:57 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/02/14 20:53:57 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/02/14 20:53:57 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/02/14 20:53:56 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/02/14 20:53:56 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/02/14 20:53:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/02/14 20:53:55 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/02/14 20:53:55 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/02/14 20:53:55 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/02/14 20:53:54 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/02/14 20:53:54 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/02/14 20:53:54 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/02/14 20:53:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/02/14 20:53:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/02/14 20:53:53 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/02/14 20:53:53 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/02/14 20:53:53 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/02/14 20:53:53 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/02/14 20:53:53 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/02/14 20:53:52 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/02/14 20:53:52 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/02/14 20:53:52 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/02/14 20:53:52 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/02/14 20:53:52 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/02/14 20:53:52 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/02/14 20:53:52 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/02/14 20:53:52 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/14 20:53:51 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/02/14 20:53:51 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/02/14 20:53:51 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/02/14 20:53:50 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/02/14 20:53:50 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/02/14 20:53:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/02/14 20:53:50 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/02/14 20:53:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/02/14 20:53:50 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/02/14 17:22:46 | 004,911,888 | ---- | M] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2014/02/13 22:32:54 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/13 22:32:49 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/13 22:32:49 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/13 22:32:49 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/12 13:53:10 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/11 21:18:55 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/11 15:38:01 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/06 03:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 03:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 03:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 02:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 02:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 02:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 02:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 02:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 02:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 02:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 02:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 02:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 01:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 01:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 01:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 01:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 01:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 01:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 01:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 01:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 00:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 00:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/07 04:54:00 | 000,023,557 | ---- | C] () -- C:\Users\14daminute\Desktop\FRST (2).zip
[2014/03/07 04:09:19 | 000,023,557 | ---- | C] () -- C:\Users\14daminute\Desktop\FRST.zip
[2014/03/07 02:50:08 | 000,090,703 | ---- | C] () -- C:\Users\14daminute\Desktop\TeamSpybot-20140306-233401.zip
[2014/03/06 23:34:02 | 000,101,284 | ---- | C] () -- C:\Users\14daminute\Desktop\Desktop-20140306-233401.png
[2014/03/06 22:00:15 | 000,000,565 | ---- | C] () -- C:\Users\14daminute\Desktop\mbr.dat.zip
[2014/03/05 19:52:31 | 000,002,883 | ---- | C] () -- C:\Users\14daminute\Desktop\$RL5HBKR.zip
[2014/03/05 19:14:36 | 000,000,897 | ---- | C] () -- C:\Users\14daminute\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2014/03/05 19:14:35 | 000,000,873 | ---- | C] () -- C:\Users\14daminute\Desktop\ERUNT.lnk
[2014/03/05 13:09:54 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\PARTIZAL.EXE
[2014/03/05 12:38:24 | 000,749,150 | ---- | C] () -- C:\Windows\SysNative\oem17.inf
[2014/03/03 22:00:29 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/27 15:00:44 | 000,275,712 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/20 16:54:54 | 000,000,824 | ---- | C] () -- C:\Users\14daminute\Documents\cc_20140220_165451.reg
[2014/02/20 16:54:10 | 000,009,778 | ---- | C] () -- C:\Users\14daminute\Documents\cc_20140220_165354.reg
[2014/02/18 15:29:01 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2014/02/15 05:52:13 | 000,000,089 | ---- | C] () -- C:\Windows\SysNative\Partizan.RRI
[2014/02/15 05:27:48 | 000,001,232 | ---- | C] () -- C:\Users\14daminute\Desktop\Revo Uninstaller.lnk
[2014/02/15 03:44:19 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2014/02/15 03:44:19 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2014/02/15 03:44:07 | 000,000,911 | ---- | C] () -- C:\Users\14daminute\Desktop\UnHackMe.lnk
[2014/02/14 20:53:59 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/14 20:53:52 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/12 16:18:32 | 000,001,257 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/02/12 13:20:31 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/02/12 13:20:17 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/01/07 11:56:18 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/04/27 10:02:54 | 000,006,224 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/14 14:27:00 | 000,007,616 | ---- | C] () -- C:\Users\14daminute\AppData\Local\Resmon.ResmonCfg
[2013/02/16 07:44:06 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/24 12:20:17 | 000,775,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/26 13:48:23 | 000,020,448 | ---- | C] () -- C:\Users\14daminute\AppData\Roaming\UserTile.png
[2012/07/30 01:26:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/09 20:34:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

healing41
2014-03-08, 04:19
# AdwCleaner v3.020 - Report created 07/03/2014 at 17:27:29
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : 14daminute - YUANSHEN
# Running from : C:\Users\14healing\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


*************************

AdwCleaner[R0].txt - [13455 octets] - [17/02/2014 09:38:43]
AdwCleaner[R1].txt - [1094 octets] - [07/03/2014 14:04:30]
AdwCleaner[R2].txt - [887 octets] - [07/03/2014 17:24:44]
AdwCleaner[S0].txt - [13464 octets] - [17/02/2014 09:47:10]
AdwCleaner[S1].txt - [1168 octets] - [07/03/2014 14:07:10]
AdwCleaner[S2].txt - [809 octets] - [07/03/2014 17:27:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [868 octets] ##########

OCD
2014-03-08, 05:34
Hi healing41,

Please only post the requested logs once, then please wait for me to review them and return with additional instructions. Also, please do not put additional symptoms of issues in the topic title, the information might get overlooked.

I still need to see the following logs:


aswMBR.txt
JRT.txt



Since you have run AdwCleaner in the past I will need for you to locate the following scan log
AdwCleaner[S0].txt - [13464 octets] - [17/02/2014 09:47:10]

It should be located in C:\AdwCleaner\

In your next post please provide the following:

aswMBR.txt
JRT.txt
AdwCleaner[S0].txt

healing41
2014-03-09, 06:05
# AdwCleaner v3.019 - Report created 17/02/2014 at 09:47:10
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : 14daminute - YUANSHEN
# Running from : C:\Users\14healing\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : \AI_RecycleBin
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\14healing\AppData\Local\TelevisionFanatic
Folder Deleted : C:\Users\14healing\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\14healing\AppData\LocalLow\iac
Folder Deleted : C:\Users\14healing\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\14healing\AppData\Roaming\Iminent
Folder Deleted : C:\Users\14healing\AppData\Roaming\Oxy
Folder Deleted : C:\Users\14daminute\AppData\Local\getsavin
Folder Deleted : C:\Users\14daminute\AppData\Local\iac
Folder Deleted : C:\Users\14daminute\AppData\Local\PackageAware
Folder Deleted : C:\Users\14daminute\AppData\Local\strongvault
Folder Deleted : C:\Users\14daminute\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\14daminute\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\14daminute\AppData\LocalLow\iac
Folder Deleted : C:\Users\14daminute\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\14daminute\AppData\Roaming\Oxy
Folder Deleted : C:\Users\14daminute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D3F22A84-2A84-49EB-91E6-5DADAAF0165D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKCU\Software\caphyon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\14healing\AppData\Roaming\Mozilla\Firefox\Profiles\xfidi5e8.default\prefs.js ]


[ File : C:\Users\14daminute\AppData\Roaming\Mozilla\Firefox\Profiles\ktb90w0h.default-1392175205683\prefs.js ]


*************************

AdwCleaner[R0].txt - [13455 octets] - [17/02/2014 09:38:43]
AdwCleaner[S0].txt - [13144 octets] - [17/02/2014 09:47:10]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [13205 octets] ##########

healing41
2014-03-09, 06:11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by 14daminute on Fri 03/07/2014 at 14:22:49.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\5aSkPlay_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\5aSkPlay_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\deal spy-bg_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\deal spy-bg_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\5aSkPlay_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\5aSkPlay_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\deal spy-bg_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\deal spy-bg_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deal Spy_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deal Spy_RASMANCS



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoCB5C.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD629.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF1AF.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\14daminute\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\14daminute\appdata\locallow\whitesmoke_new"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\14daminute\appdata\local\{02B511D3-DAED-4B84-AFC9-25BE268FC1CA}
Successfully deleted: [Empty Folder] C:\Users\14daminute\appdata\local\{03285805-EE99-4F65-9E93-E9CA2BC6070D}
Successfully deleted: [Empty Folder] C:\Users\14daminute\appdata\local\{21D5288B-A500-4FFE-81C7-12C41BE82388}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/07/2014 at 14:40:22.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

healing41
2014-03-09, 06:47
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-08 20:19:45
-----------------------------
20:19:45.455 OS Version: Windows x64 6.1.7601 Service Pack 1
20:19:45.455 Number of processors: 2 586 0x200
20:19:45.455 ComputerName: YUANSHEN UserName:
20:19:47.506 Initialize success
20:22:41.698 AVAST engine defs: 14030801
20:23:00.872 The log file has been saved successfully to "C:\Users\14daminute\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-08 20:19:45
-----------------------------
20:19:45.455 OS Version: Windows x64 6.1.7601 Service Pack 1
20:19:45.455 Number of processors: 2 586 0x200
20:19:45.455 ComputerName: YUANSHEN UserName:
20:19:47.506 Initialize success
20:22:41.698 AVAST engine defs: 14030801
20:23:00.872 The log file has been saved successfully to "C:\Users\14daminute\Desktop\aswMBR.txt"
20:24:26.573 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
20:24:26.573 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11
20:24:26.729 Disk 0 MBR read successfully
20:24:26.744 Disk 0 MBR scan
20:24:26.760 Disk 0 Windows 7 default MBR code
20:24:26.775 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
20:24:26.869 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
20:24:26.963 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 291831 MB offset 27469824
20:24:27.197 Disk 0 scanning C:\Windows\system32\drivers
20:24:56.636 Service scanning
20:25:57.774 Modules scanning
20:25:57.789 Disk 0 trace - called modules:
20:25:58.351 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:25:58.367 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800267a060]
20:25:58.382 3 CLASSPNP.SYS[fffff880015a643f] -> nt!IofCallDriver -> [0xfffffa800255f040]
20:25:58.398 5 amd_xata.sys[fffff88001103d2c] -> nt!IofCallDriver -> \Device\00000066[0xfffffa8002557060]
20:26:00.683 AVAST engine scan C:\Windows
20:26:08.335 AVAST engine scan C:\Windows\system32
20:35:34.980 AVAST engine scan C:\Windows\system32\drivers
20:36:10.346 AVAST engine scan C:\Users\14daminute
20:38:10.333 AVAST engine scan C:\ProgramData
20:40:31.791 Scan finished successfully
20:40:59.916 Disk 0 MBR has been saved successfully to "C:\Users\14daminute\Desktop\MBR.dat"
20:41:00.244 The log file has been saved successfully to "C:\Users\14daminute\Desktop\aswMBR.txt"

OCD
2014-03-09, 07:07
Hi healing41,

How is the computer running?

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run OTL (it should be located on your desktop).


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:

OTL.txt

healing41
2014-03-09, 12:23
i still have the sys noise problem. every 4 seconds. the device manager tree listing is still up-down-up-down i was attempting a clean reboot of network adapters when i noticed the devman and syssounds coordinate

OCD
2014-03-09, 16:17
Hi healing41,


i still have the sys noise problem. every 4 seconds. the device manager tree listing is still up-down-up-down i was attempting a clean reboot of network adapters when i noticed the devman and syssounds coordinate

Please explain these issues in more detail. Please do not use abbreviations when describing issues to help eliminate confusion. Also, please post the requested OTL log when it is available.

healing41
2014-03-09, 20:40
OTL logfile created on: 3/9/2014 3:31:01 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\14daminute\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.73 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 39.98% Memory free
3.68 Gb Paging File | 2.07 Gb Available in Paging File | 56.27% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2500

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 25.42 Gb Free Space | 8.92% Space Free | Partition Type: NTFS

Computer Name: YUANSHEN | User Name: 14daminute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\14daminute\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Live Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (DFX11_1) -- C:\Windows\SysNative\drivers\dfx11_1x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (Partizan) -- C:\Windows\SysWOW64\drivers\Partizan.sys (Greatis Software)
DRV - (PORTMON) -- C:\Users\Public\Music\Music\COMPUTER\SysinternalsSuite\PORTMSYS.SYS (Systems Internals)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\14daminute\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 8B EA B6 85 36 CF 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {87BD924A-D432-47A2-A632-96AA9A3A4574}
IE - HKCU\..\SearchScopes\{002F1684-F771-48FE-80BC-2191F7AA69E4}: "URL" = http://www.ted.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{5E80220D-238A-4244-A118-692E140984F5}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{87BD924A-D432-47A2-A632-96AA9A3A4574}: "URL" = http://www.bing.com/search?FORM=UP75DF&PC=UP75&dt=042213&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)



O1 HOSTS File: ([2013/07/28 01:01:48 | 000,881,672 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ___id___.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 0.r.msn.com
O1 - Hosts: 127.0.0.1 005.free-counter.co.uk
O1 - Hosts: 127.0.0.1 006.free-counter.co.uk
O1 - Hosts: 127.0.0.1 007.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counters.co.uk
O1 - Hosts: 127.0.0.1 00fun.com
O1 - Hosts: 127.0.0.1 011707160008.c.mystat-in.net
O1 - Hosts: 127.0.0.1 061606084448.c.mystat-in.net
O1 - Hosts: 127.0.0.1 070806142521.c.mystat-in.net
O1 - Hosts: 127.0.0.1 090906042103.c.mystat-in.net
O1 - Hosts: 127.0.0.1 092706152958.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0d7292.r.axf8.net
O1 - Hosts: 127.0.0.1 0f36f3.r.axf8.net
O1 - Hosts: 127.0.0.1 1.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 1.googlenews.xorg.pl
O1 - Hosts: 127.0.0.1 1.hot-dances.com
O1 - Hosts: 127.0.0.1 1.ofsnetwork.com
O1 - Hosts: 127.0.0.1 1.oz-over.com
O1 - Hosts: 127.0.0.1 1.sharkadnetwork.com
O1 - Hosts: 127.0.0.1 100.mbn.com.ua
O1 - Hosts: 29100 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF48A53D-188E-4F31-9EAC-905D29793A76} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98462B45-E612-4FAF-B7CD-8A39F1B1FE69}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB506A23-32AD-42A6-8F0C-43067F3D3CDA}: DhcpNameServer = 192.168.14.1 66.233.127.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (on\E)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/09 02:08:45 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2014/03/09 01:41:16 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\AMD
[2014/03/09 01:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/03/09 01:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014/03/09 01:39:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2014/03/09 01:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/03/09 01:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2014/03/09 01:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/03/09 01:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014/03/09 01:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2014/03/09 01:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/03/09 01:26:29 | 000,000,000 | ---D | C] -- C:\AMD
[2014/03/09 01:24:24 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\library_dir
[2014/03/09 01:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr
[2014/03/09 01:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Pro
[2014/03/07 17:25:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
[2014/03/07 15:22:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/07 03:07:55 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RO2GNKV
[2014/03/07 03:05:57 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RL5HBKR
[2014/03/05 20:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/03/05 14:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/03/05 14:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/03/05 14:13:04 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2014/03/05 14:13:02 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/03/05 14:13:01 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/03/05 14:13:01 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/03/05 14:13:01 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/03/05 14:12:56 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/03/05 14:12:55 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2014/03/05 14:12:55 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2014/03/05 14:12:54 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/03/05 14:12:54 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2014/03/05 14:12:54 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/03/05 14:12:53 | 002,393,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/03/05 14:12:52 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/03/05 14:12:50 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/03/05 14:12:49 | 003,049,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/03/05 14:12:48 | 000,648,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/03/05 14:12:47 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/03/05 14:12:47 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/03/05 14:12:46 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/03/05 14:12:46 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/03/05 14:12:43 | 001,242,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/03/05 14:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/03/05 14:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/03/05 14:12:41 | 001,004,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/03/05 14:12:41 | 000,085,096 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2014/03/05 14:12:38 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/03/05 14:12:38 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/03/05 14:12:37 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/03/05 14:12:37 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/03/05 14:12:37 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/03/05 14:12:35 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/03/05 14:12:34 | 002,238,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2014/03/05 14:12:33 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2014/03/05 14:12:33 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/03/05 14:12:33 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/03/05 14:12:12 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/03/05 14:12:11 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/03/05 14:12:11 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/03/05 14:12:11 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/03/05 14:12:10 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/03/05 14:12:10 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/03/05 14:12:09 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/03/05 14:12:09 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/03/05 14:12:09 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/03/05 14:12:09 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/03/05 14:12:09 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/03/05 14:12:08 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/03/05 14:12:08 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/03/05 14:12:06 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/03/05 14:12:06 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/03/05 14:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/03/05 14:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\ATI
[2014/03/05 14:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\ATI
[2014/03/05 13:36:46 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\InstallShield
[2014/03/03 23:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/03/03 23:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/27 15:11:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/02/17 11:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/02/17 11:20:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2014/02/17 11:20:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2014/02/17 11:20:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2014/02/17 11:20:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2014/02/17 11:20:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2014/02/17 11:20:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2014/02/17 11:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/02/17 10:38:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/15 06:27:48 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/02/15 06:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

healing41
2014-03-09, 20:42
OTL logfile created on: 3/9/2014 3:31:01 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\14daminute\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.73 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 39.98% Memory free
3.68 Gb Paging File | 2.07 Gb Available in Paging File | 56.27% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2500

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 25.42 Gb Free Space | 8.92% Space Free | Partition Type: NTFS

Computer Name: YUANSHEN | User Name: 14daminute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\14daminute\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Live Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (DFX11_1) -- C:\Windows\SysNative\drivers\dfx11_1x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (Partizan) -- C:\Windows\SysWOW64\drivers\Partizan.sys (Greatis Software)
DRV - (PORTMON) -- C:\Users\Public\Music\Music\COMPUTER\SysinternalsSuite\PORTMSYS.SYS (Systems Internals)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\14daminute\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 8B EA B6 85 36 CF 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {87BD924A-D432-47A2-A632-96AA9A3A4574}
IE - HKCU\..\SearchScopes\{002F1684-F771-48FE-80BC-2191F7AA69E4}: "URL" = http://www.ted.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{5E80220D-238A-4244-A118-692E140984F5}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{87BD924A-D432-47A2-A632-96AA9A3A4574}: "URL" = http://www.bing.com/search?FORM=UP75DF&PC=UP75&dt=042213&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)



O1 HOSTS File: ([2013/07/28 01:01:48 | 000,881,672 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ___id___.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 0.r.msn.com
O1 - Hosts: 127.0.0.1 005.free-counter.co.uk
O1 - Hosts: 127.0.0.1 006.free-counter.co.uk
O1 - Hosts: 127.0.0.1 007.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counters.co.uk
O1 - Hosts: 127.0.0.1 00fun.com
O1 - Hosts: 127.0.0.1 011707160008.c.mystat-in.net
O1 - Hosts: 127.0.0.1 061606084448.c.mystat-in.net
O1 - Hosts: 127.0.0.1 070806142521.c.mystat-in.net
O1 - Hosts: 127.0.0.1 090906042103.c.mystat-in.net
O1 - Hosts: 127.0.0.1 092706152958.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0d7292.r.axf8.net
O1 - Hosts: 127.0.0.1 0f36f3.r.axf8.net
O1 - Hosts: 127.0.0.1 1.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 1.googlenews.xorg.pl
O1 - Hosts: 127.0.0.1 1.hot-dances.com
O1 - Hosts: 127.0.0.1 1.ofsnetwork.com
O1 - Hosts: 127.0.0.1 1.oz-over.com
O1 - Hosts: 127.0.0.1 1.sharkadnetwork.com
O1 - Hosts: 127.0.0.1 100.mbn.com.ua
O1 - Hosts: 29100 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF48A53D-188E-4F31-9EAC-905D29793A76} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98462B45-E612-4FAF-B7CD-8A39F1B1FE69}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB506A23-32AD-42A6-8F0C-43067F3D3CDA}: DhcpNameServer = 192.168.14.1 66.233.127.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (on\E)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/09 02:08:45 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2014/03/09 01:41:16 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\AMD
[2014/03/09 01:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/03/09 01:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014/03/09 01:39:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2014/03/09 01:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/03/09 01:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2014/03/09 01:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/03/09 01:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014/03/09 01:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2014/03/09 01:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/03/09 01:26:29 | 000,000,000 | ---D | C] -- C:\AMD
[2014/03/09 01:24:24 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\library_dir
[2014/03/09 01:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr
[2014/03/09 01:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Pro
[2014/03/07 17:25:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
[2014/03/07 15:22:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/07 03:07:55 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RO2GNKV
[2014/03/07 03:05:57 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RL5HBKR
[2014/03/05 20:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/03/05 14:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/03/05 14:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/03/05 14:13:04 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2014/03/05 14:13:02 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/03/05 14:13:01 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/03/05 14:13:01 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/03/05 14:13:01 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/03/05 14:12:56 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/03/05 14:12:55 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2014/03/05 14:12:55 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2014/03/05 14:12:54 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/03/05 14:12:54 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2014/03/05 14:12:54 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/03/05 14:12:53 | 002,393,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/03/05 14:12:52 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/03/05 14:12:50 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/03/05 14:12:49 | 003,049,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/03/05 14:12:48 | 000,648,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/03/05 14:12:47 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/03/05 14:12:47 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/03/05 14:12:46 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/03/05 14:12:46 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/03/05 14:12:43 | 001,242,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/03/05 14:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/03/05 14:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/03/05 14:12:41 | 001,004,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/03/05 14:12:41 | 000,085,096 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2014/03/05 14:12:38 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/03/05 14:12:38 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/03/05 14:12:37 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/03/05 14:12:37 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/03/05 14:12:37 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/03/05 14:12:35 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/03/05 14:12:34 | 002,238,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2014/03/05 14:12:33 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2014/03/05 14:12:33 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/03/05 14:12:33 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/03/05 14:12:12 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/03/05 14:12:11 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/03/05 14:12:11 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/03/05 14:12:11 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/03/05 14:12:10 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/03/05 14:12:10 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/03/05 14:12:09 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/03/05 14:12:09 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/03/05 14:12:09 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/03/05 14:12:09 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/03/05 14:12:09 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/03/05 14:12:08 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/03/05 14:12:08 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/03/05 14:12:06 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/03/05 14:12:06 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/03/05 14:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/03/05 14:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\ATI
[2014/03/05 14:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\ATI
[2014/03/05 13:36:46 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\InstallShield
[2014/03/03 23:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/03/03 23:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/27 15:11:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/02/17 11:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/02/17 11:20:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2014/02/17 11:20:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2014/02/17 11:20:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2014/02/17 11:20:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2014/02/17 11:20:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2014/02/17 11:20:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2014/02/17 11:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/02/17 10:38:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/15 06:27:48 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/02/15 06:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

healing41
2014-03-09, 22:52
the panel volume control for system sounds has to be turned all the way down because there is a beep-boop sound every 7 seconds.

when i get to the device manager panel, i cannot use it because it expands and contracts, expands and contracts over and over.

OCD
2014-03-10, 03:43
Hi healing41,

This issue doesn't appear to be malware related but we will check your system so we can confirm that.


i still have the sys noise problem. every 4 seconds. the device manager tree listing is still up-down-up-down i was attempting a clean reboot of network adapters when i noticed the devman and syssounds coordinate What date did you first notice this issue? What do you mean by "i was attempting a clean reboot of network adapters"?


the panel volume control for system sounds has to be turned all the way down because there is a beep-boop sound every 7 seconds.Check for any stuck keys on your keyboard. If you have a can of compressed air handy clean the keyboard.

= = = = = = = = = = = = = = = = = = = =

This is most likely not related to the issue you are having but you are stretching your resources very thin. You should always leave about 20% free space for your system to function properly.
Drive C: | 284.99 Gb Total Space | 25.42 Gb Free Space | 8.92% Space Free | Partition Type: NTFS

= = = = = = = = = = = = = = = = = = = =

You posted the same half of the OTL log, please provide the 2nd half of the log.

= = = = = = = = = = = = = = = = = = = =

In your next post please provide the following:

2nd half of OTL.txt
Answers to questions asked

healing41
2014-03-11, 08:47
[2014/02/15 06:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/02/15 06:27:28 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll
[2014/02/15 04:53:57 | 000,040,720 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2014/02/15 04:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2014/02/15 04:44:27 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2014/02/15 04:44:09 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Documents\RegRun2
[2014/02/15 04:44:07 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2014/02/15 04:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2014/02/15 04:44:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2014/02/15 04:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2014/02/15 04:03:19 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/15 04:01:34 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/15 04:01:34 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/15 04:01:32 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/15 04:01:32 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/15 04:01:30 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/15 04:01:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/15 04:01:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/15 04:01:27 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/15 04:01:26 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/15 04:01:26 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/15 04:01:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/15 04:01:25 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/15 04:01:25 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/15 04:01:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/15 04:01:25 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/15 04:01:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/15 04:01:22 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/15 04:01:22 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/15 04:01:21 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/15 04:01:21 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/15 04:01:15 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/15 04:01:14 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/15 04:01:03 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/15 00:00:20 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/14 21:54:10 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/02/14 21:54:10 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/02/14 21:54:02 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/02/14 21:54:02 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/02/14 21:54:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/02/14 21:54:00 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/02/14 21:54:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/02/14 21:54:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/02/14 21:54:00 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/02/14 21:53:59 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/02/14 21:53:59 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/02/14 21:53:59 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/02/14 21:53:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/02/14 21:53:59 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/02/14 21:53:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/02/14 21:53:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/02/14 21:53:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/02/14 21:53:58 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/02/14 21:53:57 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/02/14 21:53:57 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/02/14 21:53:57 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/02/14 21:53:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/02/14 21:53:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/02/14 21:53:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/02/14 21:53:56 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/02/14 21:53:56 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/02/14 21:53:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/02/14 21:53:55 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/02/14 21:53:55 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/02/14 21:53:55 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/02/14 21:53:54 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/02/14 21:53:54 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/02/14 21:53:54 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/02/14 21:53:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/02/14 21:53:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/02/14 21:53:53 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/02/14 21:53:53 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/02/14 21:53:53 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/02/14 21:53:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/02/14 21:53:53 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/02/14 21:53:52 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/02/14 21:53:52 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/02/14 21:53:52 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/02/14 21:53:52 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/02/14 21:53:52 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/02/14 21:53:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/02/14 21:53:52 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/02/14 21:53:51 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/02/14 21:53:51 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/02/14 21:53:50 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/02/14 21:53:50 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/02/14 21:53:50 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/02/14 21:53:50 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/02/14 21:53:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/02/14 21:53:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/02/14 21:53:50 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/02/14 21:50:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/02/14 21:50:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/02/14 21:50:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/02/14 21:50:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/02/14 21:50:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2014/02/14 21:50:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2014/02/14 21:50:05 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2014/02/14 21:50:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/02/14 21:50:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/02/14 21:50:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/02/14 21:50:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/02/14 21:50:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/02/14 21:50:04 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2014/02/14 21:50:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2014/02/14 21:50:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2014/02/14 21:50:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/02/14 21:50:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/02/14 21:50:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/02/14 21:50:03 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/02/14 21:50:03 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/02/14 21:50:03 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/02/14 21:50:03 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2014/02/14 21:50:02 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/02/14 21:50:01 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/02/14 21:50:01 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/02/14 20:37:50 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2014/02/14 18:23:19 | 004,911,888 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2014/02/14 17:26:29 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\LavasoftStatistics
[2014/02/14 16:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/02/13 23:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/13 23:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/02/13 23:33:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/13 23:33:29 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/13 23:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/13 23:33:12 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/13 23:33:12 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/13 23:33:12 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/13 23:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/02/13 16:12:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/13 16:12:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/13 16:12:11 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/13 16:12:10 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/13 16:12:10 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/13 16:12:09 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/13 16:12:09 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/13 16:12:08 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/13 16:12:08 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/13 16:12:07 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/13 16:12:07 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/13 16:12:06 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/13 16:12:06 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/13 16:12:06 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/13 16:12:05 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/13 16:12:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/13 16:12:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/13 16:12:05 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/13 16:12:04 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/13 16:11:55 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/02/13 16:11:54 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/02/13 16:11:32 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/13 16:11:31 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/13 16:09:30 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/02/12 14:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/02/12 14:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/02/11 22:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/02/11 22:18:55 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/11 22:18:49 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\mbar
[2014/02/11 20:18:51 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\Macromedia
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/09 03:05:08 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/09 03:05:08 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/09 03:02:44 | 000,783,376 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/09 03:02:44 | 000,663,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/09 03:02:44 | 000,122,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/09 02:57:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/09 02:57:32 | 1391,484,928 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/09 02:57:31 | 000,000,246 | ---- | M] () -- C:\Windows\SysWow64\PARTIZAL.EXE
[2014/03/09 02:12:51 | 329,045,059 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/03/08 21:41:00 | 000,000,512 | ---- | M] () -- C:\Users\14daminute\Desktop\MBR.dat
[2014/03/07 17:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
[2014/03/07 05:54:00 | 000,023,557 | ---- | M] () -- C:\Users\14daminute\Desktop\FRST (2).zip
[2014/03/07 05:09:19 | 000,023,557 | ---- | M] () -- C:\Users\14daminute\Desktop\FRST.zip
[2014/03/07 03:50:08 | 000,090,703 | ---- | M] () -- C:\Users\14daminute\Desktop\TeamSpybot-20140306-233401.zip
[2014/03/07 00:34:02 | 000,101,284 | ---- | M] () -- C:\Users\14daminute\Desktop\Desktop-20140306-233401.png
[2014/03/06 23:00:15 | 000,000,565 | ---- | M] () -- C:\Users\14daminute\Desktop\mbr.dat.zip
[2014/03/06 22:11:36 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/05 20:52:31 | 000,002,883 | ---- | M] () -- C:\Users\14daminute\Desktop\$RL5HBKR.zip
[2014/03/05 20:14:36 | 000,000,897 | ---- | M] () -- C:\Users\14daminute\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2014/03/05 20:14:35 | 000,000,873 | ---- | M] () -- C:\Users\14daminute\Desktop\ERUNT.lnk
[2014/03/05 13:42:27 | 002,601,816 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2014/03/05 13:42:24 | 000,518,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/03/05 13:42:24 | 000,155,888 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/03/05 13:42:23 | 000,211,184 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/03/05 13:42:23 | 000,198,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/03/05 13:42:18 | 000,121,744 | ---- | M] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/03/05 13:42:17 | 000,220,496 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2014/03/05 13:42:16 | 000,081,232 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2014/03/05 13:42:16 | 000,078,160 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2014/03/05 13:42:16 | 000,074,064 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/03/05 13:42:15 | 001,146,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/03/05 13:42:14 | 002,393,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/03/05 13:42:13 | 000,332,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/03/05 13:42:09 | 000,149,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/03/05 13:42:08 | 003,049,064 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/03/05 13:42:07 | 000,648,808 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/03/05 13:42:06 | 000,375,128 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/03/05 13:42:06 | 000,204,120 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/03/05 13:42:06 | 000,101,208 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/03/05 13:42:06 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/03/05 13:42:04 | 001,242,216 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/03/05 13:42:03 | 001,004,544 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/03/05 13:42:03 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/03/05 13:42:03 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/03/05 13:42:03 | 000,085,096 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2014/03/05 13:41:55 | 000,334,680 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/03/05 13:41:54 | 002,238,296 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2014/03/05 13:41:53 | 002,197,264 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2014/03/05 13:41:52 | 000,341,336 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/03/05 13:41:52 | 000,318,808 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/03/05 13:41:30 | 002,075,712 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/03/05 13:41:30 | 000,475,752 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/03/05 13:41:29 | 001,327,208 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/03/05 13:41:29 | 000,491,112 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/03/05 13:41:28 | 001,179,752 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/03/05 13:41:28 | 000,317,032 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/03/05 13:41:28 | 000,269,928 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/03/05 13:41:27 | 000,266,856 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/03/05 13:41:27 | 000,126,056 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/03/05 13:41:27 | 000,125,544 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/03/05 13:41:27 | 000,125,032 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/03/05 13:41:26 | 001,111,656 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/03/05 13:41:26 | 000,504,936 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/03/05 13:41:24 | 000,200,800 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/03/05 13:41:24 | 000,108,960 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/03/05 13:40:20 | 000,042,510 | ---- | M] () -- C:\Windows\SysNative\drivers\RtPCEE4.DAT
[2014/03/05 13:40:19 | 000,247,560 | ---- | M] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat
[2014/03/05 13:40:19 | 000,039,672 | ---- | M] () -- C:\Windows\SysNative\drivers\RtPCEE3.DAT
[2014/03/05 13:40:19 | 000,001,448 | ---- | M] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat
[2014/03/05 13:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX3.dat
[2014/03/05 13:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX2.dat
[2014/03/05 13:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2014/03/05 13:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2014/03/05 13:40:19 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat
[2014/03/05 13:40:15 | 001,284,712 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2014/03/05 13:38:08 | 000,749,150 | ---- | M] () -- C:\Windows\SysNative\oem17.inf
[2014/03/05 13:36:30 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2014/03/05 13:36:27 | 000,095,544 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2014/03/05 13:36:26 | 004,726,336 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2014/03/05 13:36:26 | 003,955,000 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2014/03/05 13:36:26 | 003,620,152 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2014/03/03 18:39:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/03 18:39:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/27 16:01:03 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/20 17:54:56 | 000,000,824 | ---- | M] () -- C:\Users\14daminute\Documents\cc_20140220_165451.reg
[2014/02/20 17:54:15 | 000,009,778 | ---- | M] () -- C:\Users\14daminute\Documents\cc_20140220_165354.reg
[2014/02/18 16:29:01 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2014/02/18 16:29:01 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2014/02/18 16:29:01 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2014/02/18 16:28:54 | 000,000,911 | ---- | M] () -- C:\Users\14daminute\Desktop\UnHackMe.lnk
[2014/02/17 17:28:00 | 000,001,257 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/02/17 16:12:53 | 000,007,616 | ---- | M] () -- C:\Users\14daminute\AppData\Local\Resmon.ResmonCfg
[2014/02/17 04:03:20 | 000,775,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/15 06:52:50 | 000,000,089 | ---- | M] () -- C:\Windows\SysNative\Partizan.RRI
[2014/02/15 06:27:48 | 000,001,232 | ---- | M] () -- C:\Users\14daminute\Desktop\Revo Uninstaller.lnk
[2014/02/15 04:53:57 | 000,040,720 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2014/02/15 04:44:27 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2014/02/14 21:54:10 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/02/14 21:54:10 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/02/14 21:54:02 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/02/14 21:54:02 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/02/14 21:54:02 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/02/14 21:54:00 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/02/14 21:54:00 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/02/14 21:54:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/02/14 21:54:00 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/02/14 21:53:59 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/02/14 21:53:59 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/02/14 21:53:59 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/02/14 21:53:59 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/02/14 21:53:59 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/02/14 21:53:59 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/02/14 21:53:59 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/02/14 21:53:59 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/14 21:53:58 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/02/14 21:53:58 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/02/14 21:53:57 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/02/14 21:53:57 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/02/14 21:53:57 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/02/14 21:53:57 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/02/14 21:53:57 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/02/14 21:53:57 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/02/14 21:53:56 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/02/14 21:53:56 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/02/14 21:53:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/02/14 21:53:55 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/02/14 21:53:55 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/02/14 21:53:55 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/02/14 21:53:54 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/02/14 21:53:54 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/02/14 21:53:54 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/02/14 21:53:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/02/14 21:53:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/02/14 21:53:53 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/02/14 21:53:53 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/02/14 21:53:53 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/02/14 21:53:53 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/02/14 21:53:53 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/02/14 21:53:52 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/02/14 21:53:52 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/02/14 21:53:52 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/02/14 21:53:52 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/02/14 21:53:52 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/02/14 21:53:52 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/02/14 21:53:52 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/02/14 21:53:52 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/14 21:53:51 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/02/14 21:53:51 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/02/14 21:53:51 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/02/14 21:53:50 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/02/14 21:53:50 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/02/14 21:53:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/02/14 21:53:50 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/02/14 21:53:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/02/14 21:53:50 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/02/14 18:22:46 | 004,911,888 | ---- | M] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2014/02/13 23:32:54 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/13 23:32:49 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/13 23:32:49 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/13 23:32:49 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/12 14:53:10 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/11 22:18:55 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/11 16:38:01 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/09 02:12:51 | 329,045,059 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/03/08 21:40:59 | 000,000,512 | ---- | C] () -- C:\Users\14daminute\Desktop\MBR.dat
[2014/03/07 05:54:00 | 000,023,557 | ---- | C] () -- C:\Users\14daminute\Desktop\FRST (2).zip
[2014/03/07 05:09:19 | 000,023,557 | ---- | C] () -- C:\Users\14daminute\Desktop\FRST.zip
[2014/03/07 03:50:08 | 000,090,703 | ---- | C] () -- C:\Users\14daminute\Desktop\TeamSpybot-20140306-233401.zip
[2014/03/07 00:34:02 | 000,101,284 | ---- | C] () -- C:\Users\14daminute\Desktop\Desktop-20140306-233401.png
[2014/03/06 23:00:15 | 000,000,565 | ---- | C] () -- C:\Users\14daminute\Desktop\mbr.dat.zip
[2014/03/05 20:52:31 | 000,002,883 | ---- | C] () -- C:\Users\14daminute\Desktop\$RL5HBKR.zip
[2014/03/05 20:14:36 | 000,000,897 | ---- | C] () -- C:\Users\14daminute\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2014/03/05 20:14:35 | 000,000,873 | ---- | C] () -- C:\Users\14daminute\Desktop\ERUNT.lnk
[2014/03/05 14:09:54 | 000,000,246 | ---- | C] () -- C:\Windows\SysWow64\PARTIZAL.EXE
[2014/03/05 13:38:24 | 000,749,150 | ---- | C] () -- C:\Windows\SysNative\oem17.inf
[2014/03/03 23:00:29 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/27 16:00:44 | 000,275,712 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/20 17:54:54 | 000,000,824 | ---- | C] () -- C:\Users\14daminute\Documents\cc_20140220_165451.reg
[2014/02/20 17:54:10 | 000,009,778 | ---- | C] () -- C:\Users\14daminute\Documents\cc_20140220_165354.reg
[2014/02/18 16:29:01 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2014/02/15 06:52:13 | 000,000,089 | ---- | C] () -- C:\Windows\SysNative\Partizan.RRI
[2014/02/15 06:27:48 | 000,001,232 | ---- | C] () -- C:\Users\14daminute\Desktop\Revo Uninstaller.lnk
[2014/02/15 04:44:19 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2014/02/15 04:44:19 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2014/02/15 04:44:07 | 000,000,911 | ---- | C] () -- C:\Users\14daminute\Desktop\UnHackMe.lnk
[2014/02/14 21:53:59 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/14 21:53:52 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/12 17:18:32 | 000,001,257 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/02/12 14:20:31 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/02/12 14:20:17 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/01/07 12:56:18 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/12/06 17:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/12/06 14:38:38 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/12/06 14:38:38 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/12/06 13:39:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/12/06 13:39:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/04/27 11:02:54 | 000,006,224 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/14 15:27:00 | 000,007,616 | ---- | C] () -- C:\Users\14daminute\AppData\Local\Resmon.ResmonCfg
[2013/02/16 08:44:06 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/24 13:20:17 | 000,775,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/26 14:48:23 | 000,020,448 | ---- | C] () -- C:\Users\14daminute\AppData\Roaming\UserTile.png
[2012/07/30 02:26:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/09 21:34:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OCD
2014-03-11, 14:28
Hi healing41,


i still have the sys noise problem. every 4 seconds. the device manager tree listing is still up-down-up-down i was attempting a clean reboot of network adapters when i noticed the devman and syssounds coordinate
What date did you first notice this issue? What do you mean by "i was attempting a clean reboot of network adapters"?

Please answer this question.

healing41
2014-03-11, 22:44
i was troubleshooting my dsl connection. which was not connecting well. it was spending time identifying on AT&T's dsl network.

OCD
2014-03-12, 00:11
Hi healing41,

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Run OTL.exe



Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF48A53D-188E-4F31-9EAC-905D29793A76} - No CLSID value found.
[2014/02/15 04:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2014/02/15 04:44:09 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Documents\RegRun2
[2014/02/15 04:44:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2014/02/14 18:23:19 | 004,911,888 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe

:Files
ipconfig /flushdns /c

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here (http://www.malwarebytes.org/mbam-download.php)


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================


http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) ESET Online Scanner

*Note:

It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.

=========================

Can you tell me this file is?
C:\Users\14daminute\Desktop\$RL5HBKR.zip

=========================

In your next post please provide the following:

OTL fix log
Fresh OTL.txt
MBAM log
ESET's log.txt
How's the computer running, any change in performance?

healing41
2014-03-13, 00:16
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF48A53D-188E-4F31-9EAC-905D29793A76} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF48A53D-188E-4F31-9EAC-905D29793A76}\ not found.
C:\ProgramData\RegRun folder moved successfully.
C:\Users\14daminute\Documents\RegRun2 folder moved successfully.
C:\Users\Public\Documents\regruninfo folder moved successfully.
C:\ProgramData\pclunst.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\14daminute\Desktop\cmd.bat deleted successfully.
C:\Users\14daminute\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: 14daminute
->Temp folder emptied: 368258801 bytes
->Temporary Internet Files folder emptied: 4897855 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 737 bytes

User: 14healing
->Temp folder emptied: 222904684 bytes
->Temporary Internet Files folder emptied: 29732811 bytes
->Java cache emptied: 5328 bytes
->FireFox cache emptied: 4384622 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57954 bytes

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3099568 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67825 bytes
RecycleBin emptied: 518701523 bytes

Total Files Cleaned = 1,099.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03122014_140656

Files\Folders moved on Reboot...
C:\Users\14daminute\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\14daminute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3R01CNTR\showthread[1].htm moved successfully.
C:\Users\14daminute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\14daminute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\14daminute\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

healing41
2014-03-13, 00:43
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.12.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
14daminute :: YUANSHEN [administrator]

3/12/2014 3:19:16 PM
mbam-log-2014-03-12 (15-19-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 273084
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OCD
2014-03-13, 02:16
Hi healing41,

I still need the following information:

Can you tell me this file is?
C:\Users\14daminute\Desktop\$RL5HBKR.zip

=========================

In your next post please provide the following:

Fresh OTL.txt
ESET's log.txt
How's the computer running, any change in performance?

healing41
2014-03-13, 02:29
C:\Users\14healing\Downloads\cbsidlm-cbsi176-Revo_Uninstaller-ORG-10687648.exe a variant of Win32/CNETInstaller.B potentially unwanted application

healing41
2014-03-13, 02:32
xfer of files between desktops its a log.

healing41
2014-03-13, 03:13
OTL logfile created on: 3/12/2014 2:30:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\14daminute\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.73 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 45.59% Memory free
3.68 Gb Paging File | 2.37 Gb Available in Paging File | 64.32% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2500

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 24.99 Gb Free Space | 8.77% Space Free | Partition Type: NTFS

Computer Name: YUANSHEN | User Name: 14daminute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/12 14:05:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 20:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 20:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2010/01/29 16:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl


========== Services (SafeList) ==========

SRV:[b]64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/06 17:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/12/06 13:52:10 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2012/02/07 17:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 20:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 20:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/03/23 02:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/29 16:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/05 13:36:26 | 004,726,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2013/12/06 14:52:14 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/12/06 13:21:44 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/09/24 07:53:50 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/06/26 20:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 20:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 20:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 20:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/06/20 18:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/30 01:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/02/11 20:59:57 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2012/08/29 10:46:14 | 000,028,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dfx11_1x64.sys -- (DFX11_1)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 12:00:56 | 000,206,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/11/23 08:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/10/28 04:41:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/10/28 04:41:26 | 000,080,512 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/10/25 07:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/10/25 07:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/10/25 06:09:20 | 000,081,496 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/07/13 22:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 22:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/02/15 04:44:27 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Unknown] -- C:\Windows\SysWOW64\drivers\Partizan.sys -- (Partizan)
DRV - [2013/08/27 15:37:50 | 000,028,656 | ---- | M] (Systems Internals) [Kernel | On_Demand | Stopped] -- C:\Users\Public\Music\Music\COMPUTER\SysinternalsSuite\PORTMSYS.SYS -- (PORTMON)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\14daminute\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 8B EA B6 85 36 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {87BD924A-D432-47A2-A632-96AA9A3A4574}
IE - HKCU\..\SearchScopes\{002F1684-F771-48FE-80BC-2191F7AA69E4}: "URL" = http://www.ted.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{5E80220D-238A-4244-A118-692E140984F5}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{87BD924A-D432-47A2-A632-96AA9A3A4574}: "URL" = http://www.bing.com/search?FORM=UP75DF&PC=UP75&dt=042213&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)



O1 HOSTS File: ([2013/07/28 01:01:48 | 000,881,672 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ___id___.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 0.r.msn.com
O1 - Hosts: 127.0.0.1 005.free-counter.co.uk
O1 - Hosts: 127.0.0.1 006.free-counter.co.uk
O1 - Hosts: 127.0.0.1 007.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counters.co.uk
O1 - Hosts: 127.0.0.1 00fun.com
O1 - Hosts: 127.0.0.1 011707160008.c.mystat-in.net
O1 - Hosts: 127.0.0.1 061606084448.c.mystat-in.net
O1 - Hosts: 127.0.0.1 070806142521.c.mystat-in.net
O1 - Hosts: 127.0.0.1 090906042103.c.mystat-in.net
O1 - Hosts: 127.0.0.1 092706152958.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0d7292.r.axf8.net
O1 - Hosts: 127.0.0.1 0f36f3.r.axf8.net
O1 - Hosts: 127.0.0.1 1.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 1.googlenews.xorg.pl
O1 - Hosts: 127.0.0.1 1.hot-dances.com
O1 - Hosts: 127.0.0.1 1.ofsnetwork.com
O1 - Hosts: 127.0.0.1 1.oz-over.com
O1 - Hosts: 127.0.0.1 1.sharkadnetwork.com
O1 - Hosts: 127.0.0.1 100.mbn.com.ua
O1 - Hosts: 29100 more lines...
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98462B45-E612-4FAF-B7CD-8A39F1B1FE69}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB506A23-32AD-42A6-8F0C-43067F3D3CDA}: DhcpNameServer = 192.168.14.1 66.233.127.12
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (on\E)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/12 14:06:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/12 14:05:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
[2014/03/12 03:41:47 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/12 03:41:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/12 03:41:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/12 03:41:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/12 03:41:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/12 03:41:40 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/12 03:41:40 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/12 03:41:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/12 03:41:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/12 03:41:39 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/12 03:41:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/12 03:41:38 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/12 03:41:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/12 03:41:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/12 03:41:35 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/12 03:41:35 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/12 03:41:34 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/12 03:41:34 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/12 03:41:34 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/12 03:41:33 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/12 03:41:31 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/12 03:41:31 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/12 03:41:31 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/12 03:41:30 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/03/12 03:41:29 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/12 03:41:29 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/12 03:40:20 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/03/12 03:40:20 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/12 03:40:20 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/09 02:08:45 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2014/03/09 01:41:16 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\AMD
[2014/03/09 01:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/03/09 01:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014/03/09 01:39:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2014/03/09 01:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/03/09 01:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2014/03/09 01:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/03/09 01:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014/03/09 01:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2014/03/09 01:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/03/09 01:26:29 | 000,000,000 | ---D | C] -- C:\AMD
[2014/03/09 01:24:24 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\library_dir
[2014/03/09 01:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Pro
[2014/03/07 15:22:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/07 03:07:55 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RO2GNKV
[2014/03/07 03:05:57 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RL5HBKR
[2014/03/05 20:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/03/05 14:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/03/05 14:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/03/05 14:13:04 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2014/03/05 14:13:02 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/03/05 14:13:01 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/03/05 14:13:01 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/03/05 14:13:01 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/03/05 14:12:56 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/03/05 14:12:55 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2014/03/05 14:12:55 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2014/03/05 14:12:54 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/03/05 14:12:54 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2014/03/05 14:12:54 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/03/05 14:12:53 | 002,393,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/03/05 14:12:52 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/03/05 14:12:50 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/03/05 14:12:49 | 003,049,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/03/05 14:12:48 | 000,648,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/03/05 14:12:47 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/03/05 14:12:47 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/03/05 14:12:46 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/03/05 14:12:46 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/03/05 14:12:43 | 001,242,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/03/05 14:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/03/05 14:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/03/05 14:12:41 | 001,004,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/03/05 14:12:41 | 000,085,096 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2014/03/05 14:12:38 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/03/05 14:12:38 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/03/05 14:12:37 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/03/05 14:12:37 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/03/05 14:12:37 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/03/05 14:12:35 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/03/05 14:12:34 | 002,238,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2014/03/05 14:12:33 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2014/03/05 14:12:33 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/03/05 14:12:33 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/03/05 14:12:12 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/03/05 14:12:11 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/03/05 14:12:11 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/03/05 14:12:11 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/03/05 14:12:10 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/03/05 14:12:10 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/03/05 14:12:09 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/03/05 14:12:09 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/03/05 14:12:09 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/03/05 14:12:09 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/03/05 14:12:09 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/03/05 14:12:08 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/03/05 14:12:08 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/03/05 14:12:06 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/03/05 14:12:06 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/03/05 14:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/03/05 14:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\ATI
[2014/03/05 14:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\ATI
[2014/03/05 13:36:46 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\InstallShield
[2014/03/03 23:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/03/03 23:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/27 15:11:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/02/17 11:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/02/17 11:20:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll

healing41
2014-03-13, 03:16
OTL logfile created on: 3/12/2014 2:30:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\14daminute\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.73 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 45.59% Memory free
3.68 Gb Paging File | 2.37 Gb Available in Paging File | 64.32% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2500

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 24.99 Gb Free Space | 8.77% Space Free | Partition Type: NTFS

Computer Name: YUANSHEN | User Name: 14daminute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/12 14:05:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 20:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 20:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2010/01/29 16:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl


========== Services (SafeList) ==========

SRV:[b]64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/06 17:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/12/06 13:52:10 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2012/02/07 17:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 20:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 20:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/03/23 02:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/29 16:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/05 13:36:26 | 004,726,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2013/12/06 14:52:14 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/12/06 13:21:44 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/09/24 07:53:50 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/06/26 20:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 20:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 20:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 20:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/06/20 18:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/30 01:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/02/11 20:59:57 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2012/08/29 10:46:14 | 000,028,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dfx11_1x64.sys -- (DFX11_1)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 12:00:56 | 000,206,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/11/23 08:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/10/28 04:41:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/10/28 04:41:26 | 000,080,512 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/10/25 07:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/10/25 07:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/10/25 06:09:20 | 000,081,496 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/07/13 22:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 22:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/02/15 04:44:27 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Unknown] -- C:\Windows\SysWOW64\drivers\Partizan.sys -- (Partizan)
DRV - [2013/08/27 15:37:50 | 000,028,656 | ---- | M] (Systems Internals) [Kernel | On_Demand | Stopped] -- C:\Users\Public\Music\Music\COMPUTER\SysinternalsSuite\PORTMSYS.SYS -- (PORTMON)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\14daminute\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 8B EA B6 85 36 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {87BD924A-D432-47A2-A632-96AA9A3A4574}
IE - HKCU\..\SearchScopes\{002F1684-F771-48FE-80BC-2191F7AA69E4}: "URL" = http://www.ted.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{5E80220D-238A-4244-A118-692E140984F5}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{87BD924A-D432-47A2-A632-96AA9A3A4574}: "URL" = http://www.bing.com/search?FORM=UP75DF&PC=UP75&dt=042213&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)



O1 HOSTS File: ([2013/07/28 01:01:48 | 000,881,672 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ___id___.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 0.r.msn.com
O1 - Hosts: 127.0.0.1 005.free-counter.co.uk
O1 - Hosts: 127.0.0.1 006.free-counter.co.uk
O1 - Hosts: 127.0.0.1 007.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counter.co.uk
O1 - Hosts: 127.0.0.1 008.free-counters.co.uk
O1 - Hosts: 127.0.0.1 00fun.com
O1 - Hosts: 127.0.0.1 011707160008.c.mystat-in.net
O1 - Hosts: 127.0.0.1 061606084448.c.mystat-in.net
O1 - Hosts: 127.0.0.1 070806142521.c.mystat-in.net
O1 - Hosts: 127.0.0.1 090906042103.c.mystat-in.net
O1 - Hosts: 127.0.0.1 092706152958.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0d7292.r.axf8.net
O1 - Hosts: 127.0.0.1 0f36f3.r.axf8.net
O1 - Hosts: 127.0.0.1 1.datacollector.coin.scribol.com
O1 - Hosts: 127.0.0.1 1.googlenews.xorg.pl
O1 - Hosts: 127.0.0.1 1.hot-dances.com
O1 - Hosts: 127.0.0.1 1.ofsnetwork.com
O1 - Hosts: 127.0.0.1 1.oz-over.com
O1 - Hosts: 127.0.0.1 1.sharkadnetwork.com
O1 - Hosts: 127.0.0.1 100.mbn.com.ua
O1 - Hosts: 29100 more lines...
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98462B45-E612-4FAF-B7CD-8A39F1B1FE69}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB506A23-32AD-42A6-8F0C-43067F3D3CDA}: DhcpNameServer = 192.168.14.1 66.233.127.12
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9874db10-6f75-11e2-a9ea-806e6f6e6963}\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\WinInit.exe -c
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (on\E)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/12 14:06:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/12 14:05:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
[2014/03/12 03:41:47 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/12 03:41:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/12 03:41:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/12 03:41:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/12 03:41:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/12 03:41:40 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/12 03:41:40 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/12 03:41:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/12 03:41:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/12 03:41:39 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/12 03:41:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/12 03:41:38 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/12 03:41:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/12 03:41:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/12 03:41:35 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/12 03:41:35 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/12 03:41:34 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/12 03:41:34 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/12 03:41:34 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/12 03:41:33 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/12 03:41:31 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/12 03:41:31 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/12 03:41:31 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/12 03:41:30 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/03/12 03:41:29 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/12 03:41:29 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/12 03:40:20 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/03/12 03:40:20 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/12 03:40:20 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/09 02:08:45 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2014/03/09 01:41:16 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\AMD
[2014/03/09 01:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/03/09 01:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014/03/09 01:39:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2014/03/09 01:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/03/09 01:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2014/03/09 01:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/03/09 01:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014/03/09 01:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2014/03/09 01:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/03/09 01:26:29 | 000,000,000 | ---D | C] -- C:\AMD
[2014/03/09 01:24:24 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\library_dir
[2014/03/09 01:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Pro
[2014/03/07 15:22:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/07 03:07:55 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RO2GNKV
[2014/03/07 03:05:57 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\$RL5HBKR
[2014/03/05 20:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/03/05 14:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/03/05 14:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/03/05 14:13:04 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2014/03/05 14:13:02 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/03/05 14:13:01 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/03/05 14:13:01 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/03/05 14:13:01 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/03/05 14:12:56 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/03/05 14:12:55 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2014/03/05 14:12:55 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2014/03/05 14:12:54 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/03/05 14:12:54 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2014/03/05 14:12:54 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/03/05 14:12:53 | 002,393,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/03/05 14:12:52 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/03/05 14:12:50 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/03/05 14:12:49 | 003,049,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/03/05 14:12:48 | 000,648,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/03/05 14:12:47 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/03/05 14:12:47 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/03/05 14:12:46 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/03/05 14:12:46 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/03/05 14:12:43 | 001,242,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/03/05 14:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/03/05 14:12:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/03/05 14:12:41 | 001,004,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/03/05 14:12:41 | 000,085,096 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2014/03/05 14:12:38 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/03/05 14:12:38 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/03/05 14:12:37 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/03/05 14:12:37 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/03/05 14:12:37 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/03/05 14:12:35 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/03/05 14:12:34 | 002,238,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2014/03/05 14:12:33 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2014/03/05 14:12:33 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/03/05 14:12:33 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/03/05 14:12:12 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/03/05 14:12:11 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/03/05 14:12:11 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/03/05 14:12:11 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/03/05 14:12:10 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/03/05 14:12:10 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/03/05 14:12:09 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/03/05 14:12:09 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/03/05 14:12:09 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/03/05 14:12:09 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/03/05 14:12:09 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/03/05 14:12:08 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/03/05 14:12:08 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/03/05 14:12:06 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/03/05 14:12:06 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/03/05 14:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/03/05 14:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\ATI
[2014/03/05 14:02:08 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\ATI
[2014/03/05 13:36:46 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\InstallShield
[2014/03/03 23:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/03/03 23:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/27 15:11:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/02/17 11:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

healing41
2014-03-13, 03:18
2014/02/17 11:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/02/17 11:20:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2014/02/17 11:20:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2014/02/17 11:20:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2014/02/17 11:20:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2014/02/17 11:20:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2014/02/17 11:20:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2014/02/17 11:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/02/17 10:38:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/15 06:27:48 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/02/15 06:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/02/15 06:27:28 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll
[2014/02/15 04:53:57 | 000,040,720 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2014/02/15 04:44:27 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2014/02/15 04:44:07 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2014/02/15 04:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2014/02/15 04:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2014/02/15 04:03:19 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/15 00:00:20 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/14 21:54:10 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/02/14 21:54:02 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/02/14 21:54:02 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/02/14 21:54:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/02/14 21:54:00 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/02/14 21:54:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/02/14 21:54:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/02/14 21:54:00 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/02/14 21:53:59 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/02/14 21:53:59 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/02/14 21:53:59 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/02/14 21:53:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/02/14 21:53:59 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/02/14 21:53:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/02/14 21:53:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/02/14 21:53:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/02/14 21:53:58 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/02/14 21:53:57 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/02/14 21:53:57 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/02/14 21:53:57 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/02/14 21:53:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/02/14 21:53:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/02/14 21:53:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/02/14 21:53:56 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/02/14 21:53:56 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/02/14 21:53:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/02/14 21:53:55 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/02/14 21:53:55 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/02/14 21:53:55 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/02/14 21:53:54 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/02/14 21:53:54 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/02/14 21:53:54 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/02/14 21:53:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/02/14 21:53:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/02/14 21:53:53 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/02/14 21:53:53 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/02/14 21:53:53 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/02/14 21:53:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/02/14 21:53:53 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/02/14 21:53:52 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/02/14 21:53:52 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/02/14 21:53:52 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/02/14 21:53:52 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/02/14 21:53:52 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/02/14 21:53:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/02/14 21:53:52 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/02/14 21:53:51 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/02/14 21:53:51 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/02/14 21:53:50 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/02/14 21:53:50 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/02/14 21:53:50 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/02/14 21:53:50 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/02/14 21:53:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/02/14 21:53:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/02/14 21:53:50 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/02/14 21:50:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/02/14 21:50:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/02/14 21:50:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/02/14 21:50:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/02/14 21:50:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2014/02/14 21:50:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2014/02/14 21:50:05 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2014/02/14 21:50:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/02/14 21:50:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/02/14 21:50:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/02/14 21:50:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/02/14 21:50:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/02/14 21:50:04 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2014/02/14 21:50:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2014/02/14 21:50:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2014/02/14 21:50:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/02/14 21:50:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/02/14 21:50:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/02/14 21:50:03 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/02/14 21:50:03 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/02/14 21:50:03 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/02/14 21:50:03 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2014/02/14 21:50:02 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/02/14 21:50:01 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/02/14 21:50:01 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/02/14 20:37:50 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2014/02/14 17:26:29 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Roaming\LavasoftStatistics
[2014/02/14 16:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/02/13 23:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/13 23:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/02/13 23:33:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/13 23:33:29 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/13 23:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/13 23:33:12 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/13 23:33:12 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/13 23:33:12 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/13 23:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/02/13 16:12:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/13 16:12:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/13 16:12:11 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/13 16:12:10 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/13 16:12:10 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/13 16:12:09 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/13 16:12:09 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/13 16:12:08 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/13 16:12:08 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/13 16:12:07 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/13 16:12:07 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/13 16:12:06 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/13 16:12:06 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/13 16:12:06 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/13 16:12:05 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/13 16:12:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/13 16:12:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/13 16:12:05 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/13 16:12:04 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/13 16:11:55 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/02/13 16:11:54 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/02/13 16:11:32 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/13 16:11:31 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/13 16:09:30 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/02/12 14:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/02/12 14:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/02/11 22:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/02/11 22:18:55 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/11 22:18:49 | 000,000,000 | ---D | C] -- C:\Users\14daminute\Desktop\mbar
[2014/02/11 20:18:51 | 000,000,000 | ---D | C] -- C:\Users\14daminute\AppData\Local\Macromedia
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/12 14:25:29 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/12 14:25:29 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/12 14:22:49 | 000,783,376 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/12 14:22:49 | 000,663,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/12 14:22:49 | 000,122,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/12 14:18:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/12 14:18:04 | 1391,484,928 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/12 14:18:03 | 000,000,248 | ---- | M] () -- C:\Windows\SysWow64\PARTIZAL.EXE
[2014/03/12 14:05:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\14daminute\Desktop\OTL.exe
[2014/03/12 13:58:10 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/09 02:12:51 | 329,045,059 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/03/08 21:41:00 | 000,000,512 | ---- | M] () -- C:\Users\14daminute\Desktop\MBR.dat
[2014/03/07 05:54:00 | 000,023,557 | ---- | M] () -- C:\Users\14daminute\Desktop\FRST (2).zip
[2014/03/07 05:09:19 | 000,023,557 | ---- | M] () -- C:\Users\14daminute\Desktop\FRST.zip
[2014/03/07 03:50:08 | 000,090,703 | ---- | M] () -- C:\Users\14daminute\Desktop\TeamSpybot-20140306-233401.zip
[2014/03/07 00:34:02 | 000,101,284 | ---- | M] () -- C:\Users\14daminute\Desktop\Desktop-20140306-233401.png
[2014/03/06 23:00:15 | 000,000,565 | ---- | M] () -- C:\Users\14daminute\Desktop\mbr.dat.zip
[2014/03/06 22:11:36 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/05 20:52:31 | 000,002,883 | ---- | M] () -- C:\Users\14daminute\Desktop\$RL5HBKR.zip
[2014/03/05 20:14:36 | 000,000,897 | ---- | M] () -- C:\Users\14daminute\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2014/03/05 20:14:35 | 000,000,873 | ---- | M] () -- C:\Users\14daminute\Desktop\ERUNT.lnk
[2014/03/05 13:42:27 | 002,601,816 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2014/03/05 13:42:24 | 000,518,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/03/05 13:42:24 | 000,155,888 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/03/05 13:42:23 | 000,211,184 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/03/05 13:42:23 | 000,198,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/03/05 13:42:18 | 000,121,744 | ---- | M] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/03/05 13:42:17 | 000,220,496 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2014/03/05 13:42:16 | 000,081,232 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2014/03/05 13:42:16 | 000,078,160 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2014/03/05 13:42:16 | 000,074,064 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/03/05 13:42:15 | 001,146,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/03/05 13:42:14 | 002,393,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/03/05 13:42:13 | 000,332,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/03/05 13:42:09 | 000,149,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/03/05 13:42:08 | 003,049,064 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/03/05 13:42:07 | 000,648,808 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/03/05 13:42:06 | 000,375,128 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/03/05 13:42:06 | 000,204,120 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/03/05 13:42:06 | 000,101,208 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/03/05 13:42:06 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/03/05 13:42:04 | 001,242,216 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/03/05 13:42:03 | 001,004,544 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/03/05 13:42:03 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/03/05 13:42:03 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/03/05 13:42:03 | 000,085,096 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2014/03/05 13:41:55 | 000,334,680 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/03/05 13:41:54 | 002,238,296 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2014/03/05 13:41:53 | 002,197,264 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2014/03/05 13:41:52 | 000,341,336 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/03/05 13:41:52 | 000,318,808 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/03/05 13:41:30 | 002,075,712 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/03/05 13:41:30 | 000,475,752 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/03/05 13:41:29 | 001,327,208 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/03/05 13:41:29 | 000,491,112 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/03/05 13:41:28 | 001,179,752 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/03/05 13:41:28 | 000,317,032 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/03/05 13:41:28 | 000,269,928 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/03/05 13:41:27 | 000,266,856 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/03/05 13:41:27 | 000,126,056 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/03/05 13:41:27 | 000,125,544 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/03/05 13:41:27 | 000,125,032 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/03/05 13:41:26 | 001,111,656 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/03/05 13:41:26 | 000,504,936 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/03/05 13:41:24 | 000,200,800 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/03/05 13:41:24 | 000,108,960 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/03/05 13:40:20 | 000,042,510 | ---- | M] () -- C:\Windows\SysNative\drivers\RtPCEE4.DAT
[2014/03/05 13:40:19 | 000,247,560 | ---- | M] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat
[2014/03/05 13:40:19 | 000,039,672 | ---- | M] () -- C:\Windows\SysNative\drivers\RtPCEE3.DAT
[2014/03/05 13:40:19 | 000,001,448 | ---- | M] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat
[2014/03/05 13:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX3.dat
[2014/03/05 13:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX2.dat
[2014/03/05 13:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2014/03/05 13:40:19 | 000,000,520 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2014/03/05 13:40:19 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat
[2014/03/05 13:40:15 | 001,284,712 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2014/03/05 13:38:08 | 000,749,150 | ---- | M] () -- C:\Windows\SysNative\oem17.inf
[2014/03/05 13:36:30 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2014/03/05 13:36:27 | 000,095,544 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2014/03/05 13:36:26 | 004,726,336 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2014/03/05 13:36:26 | 003,955,000 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2014/03/05 13:36:26 | 003,620,152 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2014/03/03 18:39:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/03 18:39:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/28 22:16:26 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/28 21:52:55 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/28 21:51:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/28 21:40:43 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/28 21:37:12 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/28 21:33:52 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/28 21:32:59 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/28 21:23:49 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/02/28 21:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/28 21:02:07 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/28 20:54:33 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/28 20:52:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/28 20:51:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/28 20:43:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/28 20:42:12 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/28 20:40:17 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/28 20:38:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/28 20:37:35 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/28 20:35:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/28 20:16:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/28 20:00:08 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/28 19:25:42 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/28 19:25:22 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/20 17:54:56 | 000,000,824 | ---- | M] () -- C:\Users\14daminute\Documents\cc_20140220_165451.reg
[2014/02/20 17:54:15 | 000,009,778 | ---- | M] () -- C:\Users\14daminute\Documents\cc_20140220_165354.reg
[2014/02/18 16:29:01 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2014/02/18 16:29:01 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2014/02/18 16:29:01 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2014/02/18 16:28:54 | 000,000,911 | ---- | M] () -- C:\Users\14daminute\Desktop\UnHackMe.lnk
[2014/02/17 17:28:00 | 000,001,257 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/02/17 16:12:53 | 000,007,616 | ---- | M] () -- C:\Users\14daminute\AppData\Local\Resmon.ResmonCfg
[2014/02/17 04:03:20 | 000,775,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/15 06:52:50 | 000,000,089 | ---- | M] () -- C:\Windows\SysNative\Partizan.RRI
[2014/02/15 06:27:48 | 000,001,232 | ---- | M] () -- C:\Users\14daminute\Desktop\Revo Uninstaller.lnk
[2014/02/15 04:53:57 | 000,040,720 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2014/02/15 04:44:27 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2014/02/14 21:54:10 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/02/14 21:54:02 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/02/14 21:54:02 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/02/14 21:54:02 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/02/14 21:54:00 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/02/14 21:54:00 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/02/14 21:54:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/02/14 21:54:00 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/02/14 21:53:59 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/02/14 21:53:59 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/02/14 21:53:59 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/02/14 21:53:59 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/02/14 21:53:59 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/02/14 21:53:59 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/02/14 21:53:59 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/02/14 21:53:59 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/14 21:53:58 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/02/14 21:53:58 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/02/14 21:53:57 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/02/14 21:53:57 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/02/14 21:53:57 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/02/14 21:53:57 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/02/14 21:53:57 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/02/14 21:53:57 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/02/14 21:53:56 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/02/14 21:53:56 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/02/14 21:53:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/02/14 21:53:55 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/02/14 21:53:55 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/02/14 21:53:55 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/02/14 21:53:54 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/02/14 21:53:54 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/02/14 21:53:54 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/02/14 21:53:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/02/14 21:53:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/02/14 21:53:53 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/02/14 21:53:53 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/02/14 21:53:53 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/02/14 21:53:53 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/02/14 21:53:53 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/02/14 21:53:52 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/02/14 21:53:52 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/02/14 21:53:52 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/02/14 21:53:52 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/02/14 21:53:52 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/02/14 21:53:52 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/02/14 21:53:52 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/02/14 21:53:52 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/14 21:53:51 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/02/14 21:53:51 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/02/14 21:53:51 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/02/14 21:53:50 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/02/14 21:53:50 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/02/14 21:53:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/02/14 21:53:50 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/02/14 21:53:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/02/14 21:53:50 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/02/13 23:32:54 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/13 23:32:49 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/13 23:32:49 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/13 23:32:49 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/12 14:53:10 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/11 22:18:55 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/11 16:38:01 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/09 02:12:51 | 329,045,059 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/03/08 21:40:59 | 000,000,512 | ---- | C] () -- C:\Users\14daminute\Desktop\MBR.dat
[2014/03/07 05:54:00 | 000,023,557 | ---- | C] () -- C:\Users\14daminute\Desktop\FRST (2).zip
[2014/03/07 05:09:19 | 000,023,557 | ---- | C] () -- C:\Users\14daminute\Desktop\FRST.zip
[2014/03/07 03:50:08 | 000,090,703 | ---- | C] () -- C:\Users\14daminute\Desktop\TeamSpybot-20140306-233401.zip
[2014/03/07 00:34:02 | 000,101,284 | ---- | C] () -- C:\Users\14daminute\Desktop\Desktop-20140306-233401.png
[2014/03/06 23:00:15 | 000,000,565 | ---- | C] () -- C:\Users\14daminute\Desktop\mbr.dat.zip
[2014/03/05 20:52:31 | 000,002,883 | ---- | C] () -- C:\Users\14daminute\Desktop\$RL5HBKR.zip
[2014/03/05 20:14:36 | 000,000,897 | ---- | C] () -- C:\Users\14daminute\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2014/03/05 20:14:35 | 000,000,873 | ---- | C] () -- C:\Users\14daminute\Desktop\ERUNT.lnk
[2014/03/05 14:09:54 | 000,000,248 | ---- | C] () -- C:\Windows\SysWow64\PARTIZAL.EXE
[2014/03/05 13:38:24 | 000,749,150 | ---- | C] () -- C:\Windows\SysNative\oem17.inf
[2014/03/03 23:00:29 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/27 16:00:44 | 000,275,712 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/20 17:54:54 | 000,000,824 | ---- | C] () -- C:\Users\14daminute\Documents\cc_20140220_165451.reg
[2014/02/20 17:54:10 | 000,009,778 | ---- | C] () -- C:\Users\14daminute\Documents\cc_20140220_165354.reg
[2014/02/18 16:29:01 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2014/02/15 06:52:13 | 000,000,089 | ---- | C] () -- C:\Windows\SysNative\Partizan.RRI
[2014/02/15 06:27:48 | 000,001,232 | ---- | C] () -- C:\Users\14daminute\Desktop\Revo Uninstaller.lnk
[2014/02/15 04:44:19 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2014/02/15 04:44:19 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2014/02/15 04:44:07 | 000,000,911 | ---- | C] () -- C:\Users\14daminute\Desktop\UnHackMe.lnk
[2014/02/14 21:53:59 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/14 21:53:52 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/12 17:18:32 | 000,001,257 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/02/12 14:20:31 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/02/12 14:20:17 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/01/07 12:56:18 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/12/06 17:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/12/06 14:38:38 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/12/06 14:38:38 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/12/06 13:39:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/12/06 13:39:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/04/27 11:02:54 | 000,006,224 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/14 15:27:00 | 000,007,616 | ---- | C] () -- C:\Users\14daminute\AppData\Local\Resmon.ResmonCfg
[2013/02/16 08:44:06 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/24 13:20:17 | 000,775,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/26 14:48:23 | 000,020,448 | ---- | C] () -- C:\Users\14daminute\AppData\Roaming\UserTile.png
[2012/07/30 02:26:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/09 21:34:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

healing41
2014-03-13, 03:35
device manager tree view stil expanding and contracting rhythmically under my computers name yuanshen.

each logoff or restart has waiting for program to close box just before blue welcome screen windows task manager i think it says. should i force it question box appears and then all close. but its allways not already off even if i wait a reasonable time and then try.

the computer had been on all night and when i started using it , it was the fastest i had seen since new. i did a restart to answer your question about hows it running. windows installed eight updates and a reboot while i was rebooting.

there are many failed updates listed .do they ever get retried?

anyway after the updating it wasnt fast anymore and keeps wating...waiting.

no noticable change.

thanks for your efforts tho

OCD
2014-03-13, 06:20
Hi healing41,


device manager tree view stil expanding and contracting rhythmically under my computers name yuanshen.Does it behave this way under other user accounts?

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Windows Update

Open Windows Update by clicking the Start button http://i1269.photobucket.com/albums/jj590/OCD-WTT/start.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/start.jpg.html). In the search box, type Update, and then, in the list of results, click Windows Update.
In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.
If you see a message telling you that important updates are available, or telling you to review important updates, click the message to view and select the important updates to install.
Click Install updates.
Read and accept the license terms, and then click Finish if the update requires it. http://i1269.photobucket.com/albums/jj590/OCD-WTT/adminshield.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/adminshield.jpg.html) Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Reboot

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".

Start menu, in the search bar type "cmd"
Right-click the cmd icon, select "run as administrator"
If you have user account control (UAC) set up it may prompt you to accept that action.
Then type in "chkdsk /r" (make note of the space between chkdsk and /)

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Reboot

=========================

In your next post please provide the following:

Answer to the user account question
Any change in performance?

healing41
2014-03-16, 01:56
device manager acts the same either acct. and i cant call cmd as admin either
cmd doesnt come back as a search in admin acct. and search doesnt even recognize the word cmd

no real performance change except connects more often than before

healing41
2014-03-16, 02:58
if i start in safe mode i can access device manager. i saw the network adapter (pcie family controller) section was open bforehand. if i uninstall it will it reinstall on reboot automatically therby fixing?

OCD
2014-03-16, 03:47
Hi healing41,


device manager acts the same either acct. and i cant call cmd as admin either
cmd doesnt come back as a search in admin acct. and search doesnt even recognize the word cmd
Try typing the entire word "command" or "command prompt", then follow the previous directions.

=========================


if i start in safe mode i can access device manager. i saw the network adapter (pcie family controller) section was open bforehand. if i uninstall it will it reinstall on reboot automatically therby fixing?
I don't think you want to uninstall it. What I think you mean is you want to reset it. Go here >> http://windows.microsoft.com/en-us/windows/fix-network-adapter-problems#1TC=windows-7 expand the drop down menu next to "Reset the network adapter" and follow this instructions provided.

=========================

In your next post please provide the following:

Update on previous steps

healing41
2014-03-18, 02:45
cant get it ether way or either account. cant get msconfig.exe either

OCD
2014-03-18, 05:35
Hi healing41,

Let's try another way.

Go here (http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/) and scroll down to Method #1 and try and access the command prompt.

OCD
2014-03-21, 04:12
Hi healing41,

Just checking in to see if you still need help?

OCD
2014-03-23, 05:10
This thread has been closed due to inactivity. If it has been three days or more since your last post it will not be re-opened.

If you still require help, please start a new topic and include fresh DDS and aswMBR logs, along with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.

tashi
2014-04-09, 21:40
Thank you OCD. :)