Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: SweetPacks Toolbar

  1. #1
    Member
    Join Date
    Jul 2013
    Posts
    60

    Default SweetPacks Toolbar

    I was trying to DL a free program at cnet and picked up an unwanted toolbar. ><

    Right after seeing the toolbar I used Avast!'s Free Browser Cleanup. Unfortunately after running it and the program allegedly 'removing' it Avast! just doesn't recognize the toolbar that's still there.

    DLd and ran ERUNT.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2
    Run by Mike at 17:20:39 on 2013-11-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8148.6343 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\dmwu.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\vVX3000.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\Windows\SysWOW64\jmdp\stij.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\System32\ljkb\stij.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN52741901329354219&UM=2&ctid=CT3310511
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe,
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe -update activex
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0725DADC-CAD9-4867-8745-00681411B8DC} : DHCPNameServer = 192.168.1.1
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [VX3000] C:\Windows\vVX3000.exe
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-20 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-4-20 205320]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-6 16152]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-14 1032416]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-8-14 409832]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-8-14 38984]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-14 84328]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-23 50344]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-6 13592]
    R2 IBUpdaterService;IBUpdaterService;C:\Windows\System32\dmwu.exe [2013-11-17 1761584]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-6 161560]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 15125280]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-6 363800]
    R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-6 355096]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-6 786200]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-10-28 39200]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-6 646248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-12 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-12 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-12 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2013-11-17 21:45:08 -------- d-----w- C:\Users\Mike\AppData\Local\WhiteListing
    2013-11-17 20:08:39 -------- d-----w- C:\Users\Mike\AppData\Local\Diagnostics
    2013-11-17 20:07:53 -------- d-----w- C:\ProgramData\Conduit
    2013-11-17 20:07:52 -------- d-----w- C:\Users\Mike\AppData\Local\Conduit
    2013-11-17 20:07:44 -------- d-----w- C:\Users\Mike\AppData\Roaming\SearchProtect
    2013-11-17 20:07:43 -------- d-----w- C:\Users\Mike\AppData\Local\NativeMessaging
    2013-11-17 20:07:42 -------- d-----w- C:\Program Files (x86)\Conduit
    2013-11-17 20:07:27 -------- d-----w- C:\Windows\SysWow64\jmdp
    2013-11-17 20:07:27 -------- d-----w- C:\Windows\System32\ljkb
    2013-11-17 20:07:23 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll
    2013-11-17 20:07:23 1761584 ----a-w- C:\Windows\System32\dmwu.exe
    2013-11-17 20:07:23 -------- d-----w- C:\Windows\SysWow64\ARFC
    2013-11-17 20:07:16 -------- d-----w- C:\Windows\SysWow64\WNLT
    2013-11-16 17:00:27 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7540B8E8-55DB-4C2C-ADB8-23488CC0AF5C}\mpengine.dll
    2013-11-14 01:25:16 1474048 ----a-w- C:\Windows\System32\crypt32.dll
    2013-11-13 03:55:58 -------- d-----w- C:\Users\Mike\AppData\Local\NVIDIA Corporation
    2013-11-09 20:07:00 74576 ----a-w- C:\Windows\System32\XAPOFX1_2.dll
    2013-11-09 20:07:00 70992 ----a-w- C:\Windows\SysWow64\XAPOFX1_2.dll
    2013-11-09 20:07:00 518480 ----a-w- C:\Windows\System32\XAudio2_3.dll
    2013-11-09 20:07:00 514384 ----a-w- C:\Windows\SysWow64\XAudio2_3.dll
    2013-11-02 14:09:29 9524088 ----a-w- C:\Windows\SysWow64\nvcuda.dll
    2013-10-28 15:57:50 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2013-10-28 15:57:50 1064224 ----a-w- C:\Windows\System32\nvspcap64.dll
    2013-10-28 15:57:21 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
    2013-10-28 15:57:21 28960 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
    2013-10-27 15:32:37 1884448 ----a-w- C:\Windows\System32\nvdispco6433158.dll
    2013-10-27 15:32:37 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433158.dll
    2013-10-23 17:35:59 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-10-23 17:35:59 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-10-23 17:35:59 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-10-23 17:35:59 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-10-23 17:35:59 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-10-23 17:35:59 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2013-10-23 17:35:59 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2013-10-23 14:04:56 -------- d-----w- C:\Users\Mike\AppData\Roaming\AVAST Software
    2013-10-23 07:02:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2013-10-20 11:30:47 -------- d--h--w- C:\Windows\msdownld.tmp
    2013-10-20 11:30:47 -------- d-----w- C:\Windows\SysWow64\directx
    2013-10-20 01:22:08 -------- d-----w- C:\Users\Mike\AppData\Local\WarThunder
    2013-10-20 01:22:08 -------- d-----w- C:\ProgramData\WarThunder
    2013-10-20 01:21:58 -------- d-----w- C:\Program Files (x86)\WarThunder
    .
    ==================== Find3M ====================
    .
    2013-10-23 14:02:30 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-10-23 14:02:30 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-10-23 14:02:30 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-10-23 14:02:30 43152 ----a-w- C:\Windows\avastSS.scr
    2013-10-23 14:02:30 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-10-23 14:02:30 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
    2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
    2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
    2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
    2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll
    2013-10-23 08:20:03 3426956 ----a-w- C:\Windows\System32\nvcoproc.bin
    2013-10-15 21:29:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-15 21:29:21 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
    2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
    2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
    2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
    2013-10-08 11:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
    2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
    2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
    2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
    2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2013-09-27 23:01:38 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
    2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
    2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
    2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
    2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
    2013-09-18 02:22:42 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
    2013-09-18 02:22:42 196384 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2013-09-18 02:22:42 1884448 ----a-w- C:\Windows\System32\nvdispco6432723.dll
    2013-09-18 02:22:42 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432723.dll
    2013-09-12 07:25:40 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
    2013-09-09 07:57:00 829264 ----a-w- C:\Windows\System32\msvcr100.dll
    2013-09-09 07:57:00 608080 ----a-w- C:\Windows\System32\msvcp100.dll
    2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
    2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
    2013-09-03 18:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
    2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
    2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
    2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
    2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
    2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
    .
    ============= FINISH: 17:20:56.75 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-11-17 17:22:39
    -----------------------------
    17:22:39.220 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:22:39.220 Number of processors: 4 586 0x3A09
    17:22:39.220 ComputerName: FIRE UserName: Mike
    17:22:40.312 Initialize success
    17:22:40.390 AVAST engine defs: 13111601
    17:22:44.618 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:22:44.618 Disk 0 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 3
    17:22:44.696 Disk 0 MBR read successfully
    17:22:44.696 Disk 0 MBR scan
    17:22:44.712 Disk 0 Windows 7 default MBR code
    17:22:44.712 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    17:22:44.712 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
    17:22:44.727 Disk 0 scanning C:\Windows\system32\drivers
    17:22:50.047 Service scanning
    17:23:03.697 Modules scanning
    17:23:03.697 Disk 0 trace - called modules:
    17:23:03.712 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    17:23:03.712 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800760f790]
    17:23:03.712 3 CLASSPNP.SYS[fffff88001cbb43f] -> nt!IofCallDriver -> [0xfffffa8007210950]
    17:23:03.712 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800760e050]
    17:23:04.570 AVAST engine scan C:\Windows
    17:23:06.068 AVAST engine scan C:\Windows\system32
    17:24:17.220 AVAST engine scan C:\Windows\system32\drivers
    17:24:24.021 AVAST engine scan C:\Users\Mike
    17:24:38.311 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
    17:24:38.311 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"
    Attached Files Attached Files

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi TheHaych,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

    Please stay with this topic until I let you know that your system appears to be "All Clear"

    Important: All tools MUST be run from the Desktop.

    =========================

    Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    AdwCleaner v3: Scan & Clean
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    Junkware Removal Tool

    Download Junkware Removal Tool to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Shut down your protection software now to avoid potential conflicts.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =========================

    OTL

    Download OTL to your desktop.
    • Make sure all other windows are closed and to let it run uninterrupted.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      consrv.dll
      services.*
      /md5stop
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      BASESERVICES
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.

    =========================

    In your next post please provide the following:
    • checkup.txt
    • AdwCleaner[S0].txt
    • JRT.txt
    • OTL.txt
    • Extras.txt
    • What symptoms are you experiencing?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Member
    Join Date
    Jul 2013
    Posts
    60

    Default

    I've been able to run the first two programs during my lunch break. I'll try to get the rest tonight and I will edit this post with the new info.

    I will also note that after running just these two programs it has removed the SweetPacks toolbar.

    Results of screen317's Security Check version 0.99.77
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 45
    Adobe Flash Player 11.9.900.152
    Adobe Reader 10.1.8 Adobe Reader out of Date!
    Google Chrome 30.0.1599.101
    Google Chrome 31.0.1650.57
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    # AdwCleaner v3.013 - Report created 25/11/2013 at 12:48:38
    # Updated 24/11/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Mike - FIRE
    # Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : IBUpdaterService

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Conduit
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Windows\SysWOW64\ARFC
    Folder Deleted : C:\Windows\SysWOW64\jmdp
    Folder Deleted : C:\Windows\SysWOW64\WNLT
    Folder Deleted : C:\Windows\System32\ljkb
    Folder Deleted : C:\Users\Mike\AppData\Local\Conduit
    Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Mike\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Mike\AppData\Roaming\Searchprotect
    File Deleted : C:\END
    File Deleted : C:\Windows\System32\dmwu.exe
    File Deleted : C:\Windows\System32\ImhxxpComm.dll
    File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage

    \hxxp_app.mam.conduit.com_0.localstorage
    File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage

    \hxxp_app.mam.conduit.com_0.localstorage-journal
    File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage

    \hxxp_fastcontent.conduit.com_0.localstorage
    File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage

    \hxxp_fastcontent.conduit.com_0.localstorage-journal
    File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-

    search.com_0.localstorage
    File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-

    search.com_0.localstorage-journal
    File Deleted : C:\Windows\System32\Tasks\DSite

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\wnlt
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\SweetPacks
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
    Key Deleted : [x64] HKLM\SOFTWARE\wnlt

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16736

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v

    [ File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gbg4rpfs.default-1374986477390\prefs.js ]


    -\\ Google Chrome v31.0.1650.57

    [ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : icon_url
    Deleted : search_url
    Deleted : suggest_url
    Deleted : keyword
    Deleted : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [4377 octets] - [25/11/2013 12:46:28]
    AdwCleaner[S0].txt - [3922 octets] - [25/11/2013 12:48:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3982 octets] ##########

  4. #4
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi TheHaych,

    I'll try to get the rest tonight and I will edit this post with the new info.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  5. #5
    Member
    Join Date
    Jul 2013
    Posts
    60

    Default

    *Continuation*

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Mike on Mon 11/25/2013 at 19:15:32.89
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A6517695-7907-4512-86CD-51557FB8CEDB}



    ~~~ Files

    Successfully deleted: [File] "C:\Users\Mike\appdata\locallow\SkwConfig.bin"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Mike\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Users\Mike\appdata\locallow\sweetpacks"



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 11/25/2013 at 19:18:40.44
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #6
    Member
    Join Date
    Jul 2013
    Posts
    60

    Default

    OTL logfile created on: 11/25/2013 7:22:45 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.96 Gb Total Physical Memory | 6.46 Gb Available Physical Memory | 81.23% Memory free
    15.91 Gb Paging File | 14.27 Gb Available in Paging File | 89.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 782.15 Gb Free Space | 83.97% Space Free | Partition Type: NTFS

    Computer Name: FIRE | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Corporation)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d4493b0e5a5c6faf89cfeaa5f2a21034\IAStorUtil.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f2e5378561f764edc55f1de44264019b\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6e3778958a8bfd03bf0f2f60c4e25623\IAStorCommon.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
    SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
    SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe (McAfee, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
    DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
    DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
    DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.rr.com/|about:home"
    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/10/23 09:02:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Components: C:\Program Files\\Waterfox\components [2013/08/01 14:24:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Plugins: C:\Program Files\\Waterfox\plugins

    [2012/08/13 16:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Extensions
    [2013/10/26 10:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\gbg4rpfs.default-1374986477390\extensions
    [2013/10/26 10:23:08 | 000,534,765 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\gbg4rpfs.default-1374986477390\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2013/07/03 17:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/07/03 17:08:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com
    CHR - default_search_provider: suggest_url = http://www.google.com,
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    CHR - Extension: Google Docs = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
    CHR - Extension: Gmail = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/07/25 16:20:23 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\42d8c0af-8125-4502-9323-09f332c77ab9.exe (AVAST Software)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0725DADC-CAD9-4867-8745-00681411B8DC}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/25 19:20:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
    [2013/11/25 19:15:07 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Mike\Desktop\JRT.exe
    [2013/11/25 12:45:53 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/11/25 12:37:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2013/11/23 17:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [2013/11/19 15:47:52 | 030,361,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
    [2013/11/19 15:47:52 | 025,257,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
    [2013/11/19 15:47:52 | 022,951,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
    [2013/11/19 15:47:52 | 018,208,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
    [2013/11/19 15:47:52 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
    [2013/11/19 15:47:52 | 015,862,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
    [2013/11/19 15:47:52 | 011,600,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
    [2013/11/19 15:47:52 | 011,514,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
    [2013/11/19 15:47:52 | 009,691,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
    [2013/11/19 15:47:52 | 009,619,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
    [2013/11/19 15:47:52 | 003,132,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
    [2013/11/19 15:47:52 | 003,125,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
    [2013/11/19 15:47:52 | 002,947,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
    [2013/11/19 15:47:52 | 002,747,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
    [2013/11/19 15:47:52 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433182.dll
    [2013/11/19 15:47:52 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433182.dll
    [2013/11/19 15:47:52 | 001,242,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
    [2013/11/19 15:47:52 | 000,707,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
    [2013/11/19 15:47:52 | 000,657,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
    [2013/11/19 15:47:52 | 000,609,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
    [2013/11/19 15:47:52 | 000,562,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
    [2013/11/19 15:47:52 | 000,317,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
    [2013/11/19 15:47:52 | 000,266,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
    [2013/11/19 15:47:52 | 000,168,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
    [2013/11/19 15:47:52 | 000,141,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
    [2013/11/17 17:22:30 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe
    [2013/11/17 17:20:06 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.scr
    [2013/11/17 17:17:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013/11/17 17:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/11/17 17:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/11/17 16:45:08 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\WhiteListing
    [2013/11/17 15:08:39 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Diagnostics
    [2013/11/17 15:07:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\NativeMessaging
    [2013/11/14 02:12:24 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/11/14 02:12:23 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/11/14 02:12:23 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/11/14 02:12:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/11/14 02:12:23 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/11/14 02:12:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/11/14 02:12:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/11/14 02:12:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/11/14 02:12:23 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/11/14 02:12:23 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/11/14 02:12:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/11/14 02:12:22 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/11/14 02:12:22 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/11/14 02:12:22 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/11/14 02:12:21 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/11/13 20:25:16 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013/11/13 20:25:13 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
    [2013/11/13 20:25:12 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
    [2013/11/13 20:25:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
    [2013/11/13 20:25:12 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
    [2013/11/13 20:25:12 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
    [2013/11/13 20:25:08 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2013/11/13 20:25:08 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013/11/13 20:25:08 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
    [2013/11/13 20:25:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
    [2013/11/13 20:25:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
    [2013/11/13 20:25:05 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
    [2013/11/13 20:25:03 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
    [2013/11/13 20:25:03 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
    [2013/11/13 20:25:03 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
    [2013/11/13 20:25:03 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
    [2013/11/12 22:55:58 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\NVIDIA Corporation
    [2013/11/11 21:02:27 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
    [2013/11/11 21:02:27 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
    [2013/11/11 21:02:27 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
    [2013/11/11 21:02:27 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
    [2013/11/11 21:02:26 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
    [2013/11/11 21:02:26 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
    [2013/11/11 21:02:26 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
    [2013/11/11 21:02:26 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
    [2013/11/11 21:02:25 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
    [2013/11/11 21:02:25 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
    [2013/11/11 21:02:25 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
    [2013/11/11 21:02:25 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
    [2013/11/11 21:02:24 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
    [2013/11/11 21:02:24 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
    [2013/11/11 21:02:23 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
    [2013/11/11 21:02:23 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
    [2013/11/11 21:02:23 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
    [2013/11/11 21:02:23 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
    [2013/11/11 21:02:22 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
    [2013/11/11 21:02:22 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
    [2013/11/11 21:02:21 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
    [2013/11/11 21:02:21 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
    [2013/11/11 21:02:20 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
    [2013/11/11 21:02:20 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
    [2013/11/11 21:02:20 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
    [2013/11/11 21:02:20 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
    [2013/11/11 21:02:19 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
    [2013/11/11 21:02:19 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
    [2013/11/11 21:02:19 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
    [2013/11/11 21:02:19 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
    [2013/11/11 21:02:19 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
    [2013/11/11 21:02:19 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
    [2013/11/11 21:02:18 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
    [2013/11/11 21:02:18 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
    [2013/11/11 21:02:18 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
    [2013/11/11 21:02:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
    [2013/11/11 21:02:17 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
    [2013/11/11 21:02:17 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
    [2013/11/11 21:02:17 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
    [2013/11/11 21:02:17 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
    [2013/11/11 21:02:15 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
    [2013/11/11 21:02:15 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
    [2013/11/11 21:02:14 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
    [2013/11/11 21:02:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
    [2013/11/11 21:02:14 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
    [2013/11/11 21:02:14 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
    [2013/11/11 21:02:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
    [2013/11/11 21:02:13 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
    [2013/11/11 08:59:28 | 000,590,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
    [2013/11/09 15:07:00 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
    [2013/11/09 15:07:00 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
    [2013/11/09 15:07:00 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
    [2013/11/09 15:07:00 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
    [2013/11/09 15:06:59 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
    [2013/11/09 15:06:59 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
    [2013/11/09 15:06:59 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
    [2013/11/09 15:06:59 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
    [2013/11/09 15:06:57 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
    [2013/11/09 15:06:57 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
    [2013/11/09 15:06:57 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
    [2013/11/09 15:06:57 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
    [2013/11/09 15:06:56 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
    [2013/11/09 15:06:56 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
    [2013/11/09 15:06:55 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
    [2013/11/09 15:06:55 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
    [2013/11/09 15:06:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
    [2013/11/09 15:06:55 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
    [2013/11/09 15:06:55 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
    [2013/11/09 15:06:55 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
    [2013/11/09 15:06:54 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
    [2013/11/09 15:06:54 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
    [2013/11/09 15:06:54 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
    [2013/11/09 15:06:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
    [2013/11/09 15:06:54 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
    [2013/11/09 15:06:54 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
    [2013/11/09 15:06:52 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
    [2013/11/09 15:06:52 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
    [2013/11/09 15:06:52 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
    [2013/11/09 15:06:52 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
    [2013/11/09 15:06:52 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
    [2013/11/09 15:06:52 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
    [2013/11/09 15:06:51 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
    [2013/11/09 15:06:51 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
    [2013/11/09 15:06:51 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
    [2013/11/09 15:06:51 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
    [2013/11/09 15:06:51 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
    [2013/11/09 15:06:51 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
    [2013/11/09 15:06:49 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
    [2013/11/09 15:06:49 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
    [2013/11/09 15:06:49 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
    [2013/11/09 15:06:49 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
    [2013/11/09 15:06:48 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
    [2013/11/09 15:06:48 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
    [2013/11/09 15:06:48 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
    [2013/11/09 15:06:48 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
    [2013/11/09 15:06:46 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
    [2013/11/09 15:06:46 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
    [2013/11/09 15:06:46 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
    [2013/11/09 15:06:46 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
    [2013/11/09 15:06:45 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
    [2013/11/09 15:06:45 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
    [2013/11/09 15:06:45 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
    [2013/11/09 15:06:45 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
    [2013/11/09 15:06:44 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
    [2013/11/09 15:06:44 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
    [2013/11/09 15:06:43 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
    [2013/11/09 15:06:43 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
    [2013/11/09 15:06:43 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
    [2013/11/09 15:06:43 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
    [2013/11/09 15:06:42 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
    [2013/11/09 15:06:42 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
    [2013/11/09 15:06:42 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
    [2013/11/09 15:06:42 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
    [2013/11/09 15:06:41 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
    [2013/11/09 15:06:41 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
    [2013/11/09 15:06:41 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
    [2013/11/09 15:06:40 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
    [2013/11/09 15:06:40 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
    [2013/11/09 15:06:39 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
    [2013/11/09 15:06:39 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
    [2013/11/09 15:06:39 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
    [2013/11/09 15:06:39 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
    [2013/11/09 15:06:38 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
    [2013/11/09 15:06:38 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
    [2013/11/09 15:06:37 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
    [2013/11/09 15:06:37 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
    [2013/11/09 15:06:37 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
    [2013/11/09 15:06:37 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
    [2013/11/09 15:06:36 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
    [2013/11/09 15:06:36 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
    [2013/11/09 15:06:35 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
    [2013/11/09 15:06:35 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
    [2013/11/09 15:06:35 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
    [2013/11/09 15:06:35 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
    [2013/11/09 15:06:33 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
    [2013/11/09 15:06:33 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
    [2013/11/09 15:06:33 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
    [2013/11/09 15:06:33 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
    [2013/11/09 15:06:33 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
    [2013/11/09 15:06:33 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
    [2013/11/09 15:06:32 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
    [2013/11/09 15:06:32 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
    [2013/11/09 15:06:32 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
    [2013/11/09 15:06:32 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
    [2013/11/09 15:06:27 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
    [2013/11/09 15:06:27 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
    [2013/11/09 15:06:26 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
    [2013/11/09 15:06:26 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
    [2013/11/09 15:06:26 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
    [2013/11/09 15:06:26 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
    [2013/11/09 15:06:25 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
    [2013/11/09 15:06:25 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
    [2013/11/09 15:06:24 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
    [2013/11/09 15:06:24 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
    [2013/11/09 15:06:23 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
    [2013/11/09 15:06:23 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
    [2013/11/09 15:06:21 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
    [2013/11/09 15:06:21 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
    [2013/11/09 15:06:18 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
    [2013/11/09 15:06:18 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
    [2013/11/09 15:06:16 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
    [2013/11/09 15:06:16 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
    [2013/11/02 09:09:29 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433165.dll
    [2013/11/02 09:09:29 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433165.dll
    [2013/11/02 09:09:29 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
    [2013/10/28 10:57:50 | 001,064,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
    [2013/10/28 10:57:50 | 000,955,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
    [2013/10/28 10:57:21 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
    [2013/10/28 10:57:21 | 000,028,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
    [2013/10/27 10:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
    [2013/10/27 10:32:37 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433158.dll
    [2013/10/27 10:32:37 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433158.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/11/25 19:20:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
    [2013/11/25 19:15:08 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Mike\Desktop\JRT.exe
    [2013/11/25 19:12:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/25 18:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/11/25 17:56:23 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/11/25 17:56:23 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/11/25 17:53:31 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/11/25 17:53:31 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/11/25 17:53:31 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/11/25 17:49:23 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/25 17:49:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/11/25 17:48:58 | 2112,557,055 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/25 12:51:17 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/11/25 12:51:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/11/25 12:45:32 | 001,091,882 | ---- | M] () -- C:\Users\Mike\Desktop\AdwCleaner.exe
    [2013/11/25 12:41:17 | 000,891,200 | ---- | M] () -- C:\Users\Mike\Desktop\SecurityCheck.exe
    [2013/11/20 18:14:22 | 000,000,220 | ---- | M] () -- C:\Users\Mike\Desktop\Company of Heroes Opposing Fronts.url
    [2013/11/17 17:24:38 | 000,000,512 | ---- | M] () -- C:\Users\Mike\Desktop\MBR.dat
    [2013/11/17 17:22:37 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe
    [2013/11/17 17:21:53 | 000,001,939 | ---- | M] () -- C:\Users\Mike\Desktop\Attach.zip
    [2013/11/17 17:20:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.scr
    [2013/11/17 17:16:38 | 000,000,924 | ---- | M] () -- C:\Users\Mike\Desktop\NTREGOPT.lnk
    [2013/11/17 17:16:38 | 000,000,905 | ---- | M] () -- C:\Users\Mike\Desktop\ERUNT.lnk
    [2013/11/14 06:55:27 | 018,293,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
    [2013/11/14 06:55:26 | 015,862,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
    [2013/11/14 06:55:25 | 030,361,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
    [2013/11/14 06:55:25 | 022,951,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
    [2013/11/14 06:55:25 | 011,514,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
    [2013/11/14 06:55:25 | 009,619,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
    [2013/11/14 06:55:25 | 001,436,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
    [2013/11/14 06:55:25 | 001,242,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
    [2013/11/14 06:55:25 | 000,707,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
    [2013/11/14 06:55:25 | 000,657,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
    [2013/11/14 06:55:25 | 000,609,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
    [2013/11/14 06:55:25 | 000,562,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
    [2013/11/14 06:55:25 | 000,317,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
    [2013/11/14 06:55:25 | 000,266,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
    [2013/11/14 06:55:25 | 000,168,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
    [2013/11/14 06:55:25 | 000,141,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
    [2013/11/14 06:55:25 | 000,023,754 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
    [2013/11/14 06:55:24 | 018,208,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
    [2013/11/14 06:55:24 | 015,218,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
    [2013/11/14 06:55:24 | 009,691,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
    [2013/11/14 06:55:24 | 003,132,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
    [2013/11/14 06:55:24 | 003,125,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
    [2013/11/14 06:55:24 | 002,947,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
    [2013/11/14 06:55:24 | 002,747,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
    [2013/11/14 06:55:24 | 001,884,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433182.dll
    [2013/11/14 06:55:24 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433182.dll
    [2013/11/14 06:55:23 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
    [2013/11/14 06:55:23 | 011,600,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
    [2013/11/14 06:55:22 | 025,257,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
    [2013/11/14 06:55:22 | 003,069,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
    [2013/11/14 06:55:22 | 002,697,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
    [2013/11/11 10:02:02 | 006,674,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
    [2013/11/11 10:02:02 | 003,490,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
    [2013/11/11 10:01:59 | 000,219,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
    [2013/11/11 10:01:59 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
    [2013/11/11 10:01:58 | 003,467,927 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
    [2013/11/11 08:59:28 | 000,590,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
    [2013/11/10 19:21:20 | 000,000,222 | ---- | M] () -- C:\Users\Mike\Desktop\Company of Heroes (New Steam Version).url
    [2013/11/10 17:39:10 | 000,000,221 | ---- | M] () -- C:\Users\Mike\Desktop\Men of War Assault Squad.url
    [2013/11/09 16:56:19 | 000,000,220 | ---- | M] () -- C:\Users\Mike\Desktop\Men of War.url
    [2013/11/09 10:23:48 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
    [2013/11/08 15:47:40 | 001,064,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
    [2013/11/08 15:47:39 | 000,955,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/25 12:45:14 | 001,091,882 | ---- | C] () -- C:\Users\Mike\Desktop\AdwCleaner.exe
    [2013/11/25 12:41:17 | 000,891,200 | ---- | C] () -- C:\Users\Mike\Desktop\SecurityCheck.exe
    [2013/11/20 18:14:22 | 000,000,220 | ---- | C] () -- C:\Users\Mike\Desktop\Company of Heroes Opposing Fronts.url
    [2013/11/17 17:24:38 | 000,000,512 | ---- | C] () -- C:\Users\Mike\Desktop\MBR.dat
    [2013/11/17 17:21:53 | 000,001,939 | ---- | C] () -- C:\Users\Mike\Desktop\Attach.zip
    [2013/11/17 17:16:38 | 000,000,924 | ---- | C] () -- C:\Users\Mike\Desktop\NTREGOPT.lnk
    [2013/11/17 17:16:38 | 000,000,905 | ---- | C] () -- C:\Users\Mike\Desktop\ERUNT.lnk
    [2013/11/10 19:21:20 | 000,000,222 | ---- | C] () -- C:\Users\Mike\Desktop\Company of Heroes (New Steam Version).url
    [2013/11/10 17:39:10 | 000,000,221 | ---- | C] () -- C:\Users\Mike\Desktop\Men of War Assault Squad.url
    [2013/11/09 16:56:19 | 000,000,220 | ---- | C] () -- C:\Users\Mike\Desktop\Men of War.url
    [2013/08/11 11:36:17 | 000,007,636 | ---- | C] () -- C:\Users\Mike\AppData\Local\Resmon.ResmonCfg
    [2013/07/09 17:38:48 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/08/14 14:57:14 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2012/08/14 09:46:34 | 000,000,111 | ---- | C] () -- C:\Users\Mike\mumble.mumblelay
    [2012/08/06 18:10:42 | 000,053,662 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2012/08/06 18:10:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/08/06 18:09:59 | 000,038,470 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/02/03 00:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/10/23 09:04:56 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\AVAST Software
    [2013/10/15 17:05:52 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Guild Wars 2
    [2013/02/10 11:12:20 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\IrfanView
    [2013/07/13 22:48:42 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mumble
    [2013/07/31 15:53:33 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Waterfox Limited

  7. #7
    Member
    Join Date
    Jul 2013
    Posts
    60

    Default

    *OTL Continued*
    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    < MD5 for: EXPLORER.ADML >
    [2010/11/21 02:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

    < MD5 for: EXPLORER.ADMX >
    [2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

    < MD5 for: EXPLORER.EXE >
    [2013/11/17 15:07:17 | 000,052,392 | ---- | M] () MD5=044DD9DC2BE5DDF33729EB9F7C6C1D37 -- C:\Windows\Temp\21544b55-9f14-4fd6-8867-15f855c1445e\explorer.exe
    [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: EXPLORER.EXE.MUI >
    [2010/11/21 02:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
    [2010/11/21 02:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
    [2010/11/21 02:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
    [2010/11/21 02:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

    < MD5 for: EXPLORER.EXE-A80E4F97.PF >
    [2013/11/25 19:16:43 | 000,161,462 | ---- | M] () MD5=1AA546A474C381D8DA6FD3EEC24AC47C -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

    < MD5 for: IEXPLORE.BAT >
    [2013/10/15 17:05:47 | 000,031,414 | ---- | M] () MD5=75C9C20DD9839BF287B43B0E179822DC -- C:\Users\Mike\AppData\Local\Temp\jrt\iexplore.bat

    < MD5 for: IEXPLORE.EXE >
    [2013/10/12 16:42:28 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=39D0074C59F6D1A62731942C7FA8B60B -- C:\Program Files\Internet Explorer\iexplore.exe
    [2013/10/12 16:42:28 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=39D0074C59F6D1A62731942C7FA8B60B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_167ae4781e4936f5\iexplore.exe
    [2013/10/12 04:49:48 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=3C8C00380462B1023C9F8EA2A9A7A137 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_ffa340aa37f7ff34\iexplore.exe
    [2013/04/22 07:56:12 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_16920d4a1e377ea4\iexplore.exe
    [2010/11/20 22:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
    [2013/10/12 02:16:06 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9DFE1678738DD968D7BA5559B52706D1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_09f7eafc6c58c12f\iexplore.exe
    [2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
    [2010/11/20 22:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
    [2013/09/22 18:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
    [2013/10/12 02:44:13 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=D7D5768B8A697FCBAEE2CFE137070F02 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    [2013/10/12 02:44:13 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=D7D5768B8A697FCBAEE2CFE137070F02 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_20cf8eca52a9f8f0\iexplore.exe
    [2013/09/22 19:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
    [2013/04/22 07:56:13 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_20e6b79c5298409f\iexplore.exe
    [2013/09/22 20:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe
    [2013/09/22 20:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe

    < MD5 for: IEXPLORE.EXE.MUI >
    [2013/04/22 07:56:13 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
    [2013/04/22 07:56:13 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
    [2013/04/22 07:56:13 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
    [2013/04/22 07:56:13 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
    [2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
    [2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

    < MD5 for: IEXPLORE.EXE-4B6C9213.PF >
    [2013/11/25 19:19:13 | 000,303,690 | ---- | M] () MD5=5E7764F2154A3F9C6EBDAF8A5E98138B -- C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf

    < MD5 for: IEXPLORE.EXE-908C99F8.PF >
    [2013/11/25 19:19:13 | 000,105,974 | ---- | M] () MD5=55230E4446406EEEA447974AA6D1E220 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

    < MD5 for: SERVICES >
    [2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

    < MD5 for: SERVICES.CFG >
    [2013/09/03 08:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
    [2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

    < MD5 for: SERVICES.DAT >
    [2013/11/05 17:18:20 | 000,003,117 | ---- | M] () MD5=5F3B95A58780ADA3F223F004CDEE9967 -- C:\Users\Mike\AppData\Local\Temp\jrt\services.dat

    < MD5 for: SERVICES.EXE >
    [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SERVICES.EXE.MUI >
    [2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
    [2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

    < MD5 for: SERVICES.LNK >
    [2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
    [2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

    < MD5 for: SERVICES.MOF >
    [2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
    [2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

    < MD5 for: SERVICES.MSC >
    [2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
    [2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
    [2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
    [2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
    [2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
    [2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
    [2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
    [2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

    < MD5 for: SERVICES.PTXML >
    [2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
    [2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

    < MD5 for: WINLOGON.ADML >
    [2010/11/21 02:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

    < MD5 for: WINLOGON.ADMX >
    [2009/06/10 16:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < MD5 for: WINLOGON.EXE.MUI >
    [2010/11/21 02:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
    [2010/11/21 02:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui

    < MD5 for: WINLOGON.MFL >
    [2010/11/21 02:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
    [2010/11/21 02:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

    < MD5 for: WINLOGON.MOF >
    [2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
    [2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

    < %SYSTEMDRIVE%\*.* >
    [2013/07/23 13:01:36 | 000,016,228 | ---- | M] () -- C:\AdwCleaner[S1].txt
    [2013/07/23 13:04:52 | 000,000,991 | ---- | M] () -- C:\AdwCleaner[S2].txt
    [2013/11/25 17:48:58 | 2112,557,055 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/20 21:09:50 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
    [2013/11/25 17:48:59 | 4248,399,871 | -HS- | M] () -- C:\pagefile.sys
    [2012/08/06 18:15:23 | 000,002,169 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2013/10/23 09:02:30 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/04/17 03:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < dir "%systemdrive%\*" /S /A:L /C >
    Volume in drive C has no label.
    Volume Serial Number is FA27-339A
    Directory of C:\
    07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
    0 File(s) 0 bytes
    Directory of C:\ProgramData
    07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
    07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
    07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
    07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
    07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users
    07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
    07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
    0 File(s) 0 bytes
    Directory of C:\Users\All Users
    07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
    07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
    07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
    07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
    07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default
    07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
    07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
    07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
    07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
    07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
    07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
    07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
    07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\AppData\Local
    07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
    07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
    07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\Documents
    07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
    07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
    07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Mike
    08/13/2012 04:08 PM <JUNCTION> Application Data [C:\Users\Mike\AppData\Roaming]
    08/13/2012 04:08 PM <JUNCTION> Cookies [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies]
    08/13/2012 04:08 PM <JUNCTION> Local Settings [C:\Users\Mike\AppData\Local]
    08/13/2012 04:08 PM <JUNCTION> My Documents [C:\Users\Mike\Documents]
    08/13/2012 04:08 PM <JUNCTION> NetHood [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    08/13/2012 04:08 PM <JUNCTION> PrintHood [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    08/13/2012 04:08 PM <JUNCTION> Recent [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Recent]
    08/13/2012 04:08 PM <JUNCTION> SendTo [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\SendTo]
    08/13/2012 04:08 PM <JUNCTION> Start Menu [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu]
    08/13/2012 04:08 PM <JUNCTION> Templates [C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Mike\AppData\Local
    08/13/2012 04:08 PM <JUNCTION> Application Data [C:\Users\Mike\AppData\Local]
    08/13/2012 04:08 PM <JUNCTION> History [C:\Users\Mike\AppData\Local\Microsoft\Windows\History]
    08/13/2012 04:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Mike\Documents
    08/13/2012 04:08 PM <JUNCTION> My Music [C:\Users\Mike\Music]
    08/13/2012 04:08 PM <JUNCTION> My Pictures [C:\Users\Mike\Pictures]
    08/13/2012 04:08 PM <JUNCTION> My Videos [C:\Users\Mike\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Public\Documents
    07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
    07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
    07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\UpdatusUser
    08/06/2012 06:30 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
    08/06/2012 06:30 PM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
    08/06/2012 06:30 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
    08/06/2012 06:30 PM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
    08/06/2012 06:30 PM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    08/06/2012 06:30 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    08/06/2012 06:30 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
    08/06/2012 06:30 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
    08/06/2012 06:30 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
    08/06/2012 06:30 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\UpdatusUser\AppData\Local
    08/06/2012 06:30 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
    08/06/2012 06:30 PM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
    08/06/2012 06:30 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\UpdatusUser\Documents
    08/06/2012 06:30 PM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
    08/06/2012 06:30 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
    08/06/2012 06:30 PM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
    0 File(s) 0 bytes
    Total Files Listed:
    0 File(s) 0 bytes
    66 Dir(s) 839,509,868,544 bytes free

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/08/13 16:15:08 | 000,000,221 | -HS- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2013/11/25 12:45:32 | 001,091,882 | ---- | M] () -- C:\Users\Mike\Desktop\AdwCleaner.exe
    [2013/11/17 17:22:37 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe
    [2013/11/25 19:15:08 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Mike\Desktop\JRT.exe
    [2013/11/25 19:20:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
    [2013/11/25 12:41:17 | 000,891,200 | ---- | M] () -- C:\Users\Mike\Desktop\SecurityCheck.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2009/06/26 16:24:18 | 000,013,023 | ---- | M] () -- C:\Windows\VX3000.src
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Base Services ==========
    SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
    SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
    SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
    SRV:64bit: - [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
    SRV:64bit: - [2010/11/20 22:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
    SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
    SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
    SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
    SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
    SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
    SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
    SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
    SRV:64bit: - [2010/11/20 22:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV - [2010/11/20 22:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
    SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
    SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
    SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
    SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
    SRV:64bit: - [2010/11/20 22:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
    SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
    SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
    SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
    SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
    SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
    SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
    SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
    SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
    SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
    SRV:64bit: - [2010/11/20 22:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
    SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
    SRV:64bit: - [2010/11/20 22:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
    SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
    SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
    SRV:64bit: - [2010/11/20 22:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
    SRV:64bit: - [2010/11/20 22:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
    SRV - [2010/11/20 22:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV:64bit: - [2010/11/20 22:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
    SRV:64bit: - [2010/11/20 22:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
    SRV - [2010/11/20 22:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
    SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
    SRV:64bit: - [2010/11/20 22:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
    SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
    SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2010/11/20 22:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
    SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/11/20 22:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
    SRV:64bit: - [2010/11/20 22:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
    SRV:64bit: - [2010/11/20 22:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
    SRV:64bit: - [2010/11/20 22:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
    SRV - [2010/11/20 22:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
    SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
    SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
    SRV:64bit: - [2010/11/20 22:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
    SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
    SRV:64bit: - [2010/11/20 22:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: Hitachi HDS721010DLE630
    Partitions: 2
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 931.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    < End of report >

  8. #8
    Member
    Join Date
    Jul 2013
    Posts
    60

    Default

    OTL Extras logfile created on: 11/25/2013 7:22:45 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.96 Gb Total Physical Memory | 6.46 Gb Available Physical Memory | 81.23% Memory free
    15.91 Gb Paging File | 14.27 Gb Available in Paging File | 89.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 782.15 Gb Free Space | 83.97% Space Free | Partition Type: NTFS

    Computer Name: FIRE | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Waterfox\waterfox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{033189CD-E684-4B8E-971E-FB69711E77F4}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{0A0FA5CD-C84F-433D-92E8-67CADBDAB0AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{10F1A423-6587-4D07-925C-9212F1B0C936}" = lport=137 | protocol=17 | dir=in | app=system |
    "{159633D8-AD29-4FA0-8B5B-DBCEB4AD3F44}" = rport=139 | protocol=6 | dir=out | app=system |
    "{293E191A-D9C2-4497-A3DC-EA9FC2E4BA39}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{2B558CFC-62E7-4BAE-A1AF-ADD3F7390B34}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{35DEB96C-A068-4F89-8F95-5F3AB8A69734}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3ABDD9E9-6946-40F7-A004-3D650392356E}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{3B6BA7D6-B284-4957-ADEB-C9E278B547CB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3DB25675-5FA4-4DDC-9FB5-4D2FDE64DADC}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{3EF5152B-9D9D-4714-9386-4EC9BE4D6AFF}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{411559E8-3C06-4CA5-8B1B-E30008DC9472}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{4B02AB52-7DD3-414E-8569-5CBE5047E646}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{62C29BF7-A95D-4DBB-A6F2-409D30568A8B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{65C9E2F3-5EE0-4911-B590-C23EC92F1EBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{66B2A899-47D0-4FA8-87E5-1E8AB126F55A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{689B0E5B-6DFA-4BAA-A9CF-635447C34B43}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{6A9DF692-AE33-4BD6-BB97-7BA837FEC51F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{715CA54F-5256-4FF2-B707-A12E29219820}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{7437F7BE-24FF-4E30-AF52-EA63E99CC3B1}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{7B2AE6BA-60E5-42B5-A8A8-8C669C049244}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7E999886-C0E9-4978-9080-25EBFFEB45B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8309E7AD-50AB-4052-868D-451B02BCE58E}" = rport=445 | protocol=6 | dir=out | app=system |
    "{8829B779-23DE-4971-AE23-A7A46320E19B}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{920F7FBB-8099-4399-8E7C-0B9CAD60BB51}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{936BE705-7A0A-432B-914F-9ADDCE976E20}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{A8C93739-761C-4B8B-9E08-619BA0EE7BD3}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{AD1CEEF9-3090-457F-9326-5D1DE1AB2E17}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{B0CC8793-1018-485F-97C7-630CB4FA3698}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B9D176FF-270F-40EB-AD7B-F56F7D56441B}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{BD3B4D52-DCCB-4EB3-A16D-9496D52AAA8C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{BF887576-23B9-4A7E-9028-E45E2A21859B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{CB6AE700-042D-4552-83DB-BD2EE8949EA0}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{CF86FD82-7D39-485E-912E-6ACA6BBCA027}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{D780D2D3-2C6E-4A4B-808C-291839ED713A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{DADBD55C-31AE-498E-9EC5-7BE062A94ED6}" = lport=139 | protocol=6 | dir=in | app=system |
    "{E2087133-9C8C-41E3-9E22-5CB47BB89300}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F1E8A824-6207-4E7C-B205-FE12556C9DC7}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{F8BEBD35-0A60-45DF-9AD2-C9952D69BF35}" = lport=138 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03E33C76-5E22-4857-8390-7716397C76B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
    "{08ACA2D8-4659-4626-8BDE-EF30C68BBB2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe |
    "{08D4FB84-5FC9-4F96-8DC7-ACF98AF2BF95}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{0B76B9DC-0F7B-4898-9C10-70C75CE3BFB9}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{0F87D71A-6B0A-4DD7-844B-7A28A90A5AA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{10C43E56-C56D-4DBD-9F3C-53608A5900E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1495C8C7-6149-4935-A431-74DFA9770B6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe |
    "{1712FFD4-FF91-48A9-B949-9C5CA9CE6424}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{19A7E271-849C-4574-A8C3-1E96D8E4E397}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
    "{1B337F79-D2FE-47E6-969A-6C95803A3287}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{1C77C1E0-61D2-4AB2-89D4-F83437451965}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1D97A3C9-B312-4B39-A967-8F213FBEA410}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{1F155294-C03E-4E01-8398-0CED759E2254}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{1FD87F9E-C3C8-4870-8515-AA0EDAF11630}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{20456658-5DF8-4C4E-B32A-1DCCCA5E651E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
    "{2172ED89-7F91-4B0D-B62F-0F0C9B1A58CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{21B0C1D4-91C9-4043-B23A-C43204B5F4D5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{21ECE219-B96E-4140-A830-C8DDDA378456}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{25C2E0F0-0D0B-4326-AF8A-C59C2F7457CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{289069C3-4F1C-44EC-8B9C-B27FBF6CF2CD}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{2A55E2E3-ECEC-49BE-84ED-C0A196613628}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow.exe |
    "{2D44BF42-16D6-458C-85BE-2328EFD52EF3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{2F1FF137-9B54-474E-A60B-BF2F160DB5AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{30938C3A-2729-4BF3-9DD8-7A03C747C0F8}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{386C7A24-6E55-4B60-A410-76709C1EBE08}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{40989CC2-A799-40A5-B2EC-392F33A17B05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
    "{41BC65C6-12CD-4FA8-9173-EDF340BB64C9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{452C42E2-A3C0-48BE-8B0E-5F7B4C613B53}" = protocol=6 | dir=out | app=system |
    "{48211871-0D08-4F7F-955F-43F0DBCD95BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{55D9CE0A-E00E-4355-AACA-EFADA58D5B8A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{567FCC07-2611-4E94-8A5C-6943EB3D4434}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{5FD95C49-1690-434F-864B-53B5E5248476}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{65B57578-F102-47EA-80DE-DEBC5F639201}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{67A427FA-00DF-4DD4-9EC6-02F8CEC58D66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow_editor.exe |
    "{6B0FFEFE-03FE-4E19-8D6F-B9D89DEFD6B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow.exe |
    "{6C41773B-768E-4663-B534-BA93828BFE64}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "{6CCF0D9E-7C2E-43DE-B91C-0E69D717EB3D}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
    "{6F85F38C-41C6-490D-8EB1-00085591D24A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{77203CD6-076E-41B3-94EE-63780B3879CD}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{77381699-3A96-4E34-9B68-1A2F16FF3634}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{7B1D901D-6296-4174-A5DB-C99BE435C3FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{814E3E13-BDD1-4AC2-BC71-917ECC977D62}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
    "{868EFD30-EFC1-4628-82A0-66DCCB2160DD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "{87AA6122-169B-43B5-AEC3-819B33B966E0}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{8A54E6BA-0C7B-4D9D-B2A0-E774B78481BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe |
    "{9487624C-7E31-440E-8A26-A5D1E823B2D6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A023E87E-09A2-4184-9582-BA17015EC4E4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{A1F5E64B-2BB5-4C1B-AE5D-2D92C8F52423}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{AD1861C1-A63A-468A-AC05-9AB2B42E718D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B440444D-3FAD-49F6-944D-47C4ECE7A94D}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
    "{B762B3DE-8955-4746-9A00-E418042D069D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow_editor.exe |
    "{B94C8DC8-8C3B-4DD9-8BEF-6333988F7E9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{BD5B3C3E-0C8F-4AAD-A34D-1089F9388A88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe |
    "{C35302F7-0F1C-4ED8-AB13-F999E2E89E74}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{C94B7BBA-7528-4065-A327-32837718CFBA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{CB28E3DC-0E6E-45ED-8FFC-1665247B5F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{D58F99D5-1A8E-4710-A858-544D13F007C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
    "{DB4D0A73-5146-4564-8578-13A25C546F2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DD584F02-60F6-468E-AEF0-B3D6C765E1D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{DE27517D-B7D5-4B80-AAF1-0B57D10A45C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe |
    "{DF0A6F51-499A-4B35-9383-9B5C01CB2487}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{E293BFF4-E01B-417D-B5CA-8750987151D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe |
    "{E9FD2DA1-3A48-4508-A761-664AEE66B071}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FEBDE4F8-1509-448A-AD50-B7E09C433AF3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "TCP Query User{37BFB86C-A79F-4ADF-BE82-6052326782A3}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
    "TCP Query User{3C32642B-9F7A-4E9C-9806-09B824FC73BE}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
    "TCP Query User{8E336DB2-DE2B-4F43-9C07-82C5C5C54728}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\aces.exe |
    "TCP Query User{97901DD5-8F0A-4AEE-84E2-A15EEC27201C}C:\users\mike\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\mike\appdata\local\temp\gw2.exe |
    "TCP Query User{BC88B539-EADB-40AC-81AA-F07CBC459370}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
    "UDP Query User{7609FC91-77A4-4367-BF62-F075EF33FDFD}C:\users\mike\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\mike\appdata\local\temp\gw2.exe |
    "UDP Query User{B8CCFE1C-D4AD-41FB-A75F-4B9576D562AB}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
    "UDP Query User{BA47BB54-5A53-4F96-B5E4-17AA740E8C89}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
    "UDP Query User{F24C5235-0C8E-4088-BA00-5626172CEEBD}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
    "UDP Query User{FEDE09BB-BBCC-467A-AED5-31E42F051757}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\aces.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.82
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.82
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.82
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.82
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FD7DEB7B-8CEA-44E5-AB2D-7C66786C0563}" = Waterfox
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{E0955568-4353-4C85-8988-285A8C0F5E87}" = Mumble 1.2.4
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.278
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast" = avast! Free Antivirus
    "ERUNT_is1" = ERUNT 1.1j
    "Google Chrome" = Google Chrome
    "Guild Wars 2" = Guild Wars 2
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "McAfee Security Scan" = McAfee Security Scan Plus
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Steam App 200510" = XCOM: Enemy Unknown
    "Steam App 212680" = FTL: Faster Than Light
    "Steam App 228200" = Company of Heroes (New Steam Version)
    "Steam App 236390" = War Thunder
    "Steam App 64000" = Men of War: Assault Squad
    "Steam App 7830" = Men of War
    "Steam App 9340" = Company of Heroes: Opposing Fronts
    "VLC media player" = VLC media player 2.0.7
    "WinLiveSuite_Wave3" = Windows Live Essentials

    < End of report >

  9. #9
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi TheHaych,

    Run OTL.exe

      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      
      :Commands
      [purity]
      [createrestorepoint]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done

    =========================

    Malwarebytes' Anti-Malware

    Locate Malwarebytes' Anti-Malware (it should be on your desktop).
    If not, download it here
    • Right click and select "Run as Administrator" mbam-setup.exe and follow the prompts to run the program..
    • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
    • Select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    =========================

    ESET Online Scanner

    *Note:
    • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    • Please don't go surfing while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

    ** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

    = = = = = = = = = = = = = = = = = = = =

    Go here to run ESET Online Scanner

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.

    =========================

    In your next post please provide the following:
    • OTL fix log
    • MBAM log
    • ESET's log.txt
    • Any symptoms?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  10. #10
    Member
    Join Date
    Jul 2013
    Posts
    60

    Default

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: hedev
    ->Temp folder emptied: 0 bytes

    User: Mike
    ->Temp folder emptied: 197555370 bytes
    ->Temporary Internet Files folder emptied: 241153427 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 14914555 bytes
    ->Google Chrome cache emptied: 374984302 bytes
    ->Flash cache emptied: 2560 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 161111497 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 48076 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 944.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11262013_122308

    Files\Folders moved on Reboot...
    C:\Users\Mike\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
    C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Mike\AppData\Local\Temp\~DF23C4C9B84F974381.TMP not found!
    File\Folder C:\Users\Mike\AppData\Local\Temp\~DF5577490ABF148AA0.TMP not found!
    File\Folder C:\Users\Mike\AppData\Local\Temp\~DF5934D44A6FD801F6.TMP not found!
    File\Folder C:\Users\Mike\AppData\Local\Temp\~DF752C16B7ED11D14E.TMP not found!
    File\Folder C:\Users\Mike\AppData\Local\Temp\~DF75B58837CBC4CBCA.TMP not found!
    File\Folder C:\Users\Mike\AppData\Local\Temp\~DFFEC108EC4084CA4D.TMP not found!
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2JXE6SB0\showthread[1].htm moved successfully.
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.26.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16736
    Mike :: FIRE [administrator]

    11/26/2013 12:29:07 PM
    mbam-log-2013-11-26 (12-29-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 234270
    Time elapsed: 2 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Mike\Downloads\produkey-x64.zip (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
    C:\Users\Mike\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.

    (end)
    EsetScan

    C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ARFC\wrtc.exe.vir a variant of Win32/Toolbar.Perion.G application
    C:\Users\Mike\Downloads\cbsidlm-cbsi134-Dxtory-SEO-10705596.exe a variant of Win32/CNETInstaller.B application
    C:\Users\Mike\Downloads\Chrome (1).exe a variant of Win32/AirAdInstaller.A application
    C:\Users\Mike\Downloads\Chrome.exe a variant of Win32/AirAdInstaller.A application
    C:\Users\Mike\Downloads\DownloadManagerSetup.exe a variant of Win32/InstallCore.BQ application


    ...and nothing seems to be acting up at the moment.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •