Solved Heuristics.reserved.word.exploit


TrunkMonkey

Two days ago my machine began to act strangely, so I did some googling based on Windows messages I was getting. That brought me to downloading a free trial of Malwarebytes Pro, which found 2 instances of this malware. I instructed MB to delete these files. For a while I thought I was in the clear, but now I'm pretty sure I need your help. Here are the 3 requested logs:


Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.08.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Justin Sidwell :: TOWEROFPOWER10 [administrator]

Protection: Enabled

1/8/2013 10:49:25 AM
mbam-log-2013-01-08 (10-49-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 229765
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
DDS (attach.txt)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/23/2010 1:15:33 AM
System Uptime: 1/8/2013 10:44:17 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A87TD EVO
Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 784/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 343.545 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 1 GiB total, 0.656 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP466: 1/5/2013 4:53:03 AM - IObit Uninstaller restore point
RP467: 1/5/2013 4:54:23 AM - IObit Uninstaller restore point
RP468: 1/5/2013 9:48:29 AM - Windows Update
RP470: 1/5/2013 5:28:50 PM - Windows Update
RP471: 1/5/2013 7:20:03 PM - Windows Update
RP472: 1/6/2013 12:32:32 AM - Installed Microsoft Fix it 50897
RP473: 1/6/2013 1:41:10 AM - xml bullshit
RP474: 1/6/2013 6:01:09 AM - Restore Operation
RP475: 1/6/2013 7:23:05 AM - Windows Update
RP476: 1/6/2013 12:45:55 PM - stable
RP477: 1/6/2013 1:09:02 PM - stable
RP478: 1/6/2013 10:35:36 PM - IObit Uninstaller restore point
RP479: 1/6/2013 10:38:05 PM - IObit Uninstaller restore point
RP480: 1/6/2013 10:41:16 PM - Removed TurboV EVO
RP481: 1/6/2013 10:42:19 PM - IObit Uninstaller restore point
RP482: 1/6/2013 10:42:35 PM - Removed TurboV EVO
RP483: 1/6/2013 11:19:26 PM - IObit Uninstaller restore point
RP484: 1/6/2013 11:23:33 PM - IObit Uninstaller restore point
RP485: 1/6/2013 11:24:29 PM - IObit Uninstaller restore point
RP486: 1/6/2013 11:24:53 PM - Removed JMicron JMB36X Driver
RP487: 1/7/2013 4:27:22 PM - reg assassin
RP488: 1/7/2013 6:10:17 PM - IObit Uninstaller restore point
RP489: 1/7/2013 7:30:17 PM - Removed Java 7 Update 9
RP490: 1/8/2013 3:15:35 AM - Restore Operation
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
Akamai NetSession Interface
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD System Monitor
AMD VISION Engine Control Center
Call of Duty(R) 4 - Modern Warfare(TM) Demo
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
DocProc
Doom 3
Dropbox
eReg
Geekbench 2.4
Google Chrome
Google Update Helper
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
Java 7 Update 9
Java Auto Updater
Logitech Harmony Remote Software 7
Logitech SetPoint 6.30
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
MyFreeCodec
NEC Electronics USB 3.0 Host Controller Driver
neroxml
NETGEAR GA311 Gigabit Adapter
Platform
Portal
Portal 2
Radeon RAMDisk
Realtek Ethernet Controller Driver For Windows 7
Remote Control USB Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Smart Defrag 2
SmartPack 1.21.0
SmartWebPrinting
Steam
Team Fortress 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VCRedistSetup
VIA Platform Device Manager
VLC media player 2.0.5
Windows 7 Logon Background Changer
.
==== Event Viewer Messages From Past Week ========
.
1/8/2013 3:53:30 AM, Error: Microsoft-Windows-HttpEvent [15006] - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.
1/8/2013 3:21:29 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.141.3310.0;1.141.3310.0 Engine version: 1.1.9002.0
1/8/2013 12:54:52 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{F9E98BE2-3828-45B7-A2B7-D61FD2EF7F5B} because another computer on the network has the same name. The server could not start.
1/8/2013 11:04:22 AM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
1/8/2013 10:44:26 AM, Error: volmgr [46] - Crash dump initialization failed!
1/8/2013 1:49:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/7/2013 4:24:57 PM, Error: Schannel [36888] - The following fatal alert was generated: 70. The internal error state is 105.
1/7/2013 11:54:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
1/7/2013 10:27:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
1/6/2013 6:12:20 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.141.3214.0;1.141.3214.0 Engine version: 1.1.9002.0
1/6/2013 4:30:05 AM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
1/6/2013 4:30:05 AM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
1/6/2013 4:30:05 AM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
1/6/2013 11:28:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
1/6/2013 1:57:57 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024864.
1/6/2013 1:57:57 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070020.
1/5/2013 3:16:48 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================


DDS (DDS.txt)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Justin Sidwell at 11:04:34 on 2013-01-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.1623 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\DAODx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
C:\Program Files (x86)\Netgear\WIN7_GA311\GA311.exe
C:\Program Files (x86)\Netgear\WIN7_GA311\GA311.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k PeerDist
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Users\Justin Sidwell\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe
C:\Program Files\Common Files\LogiShrd\sp6\LU\LogitechUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {0347C33E-8762-4905-BF09-768834316C61} - <orphaned>
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - <orphaned>
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - <orphaned>
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
uRun: [Google Update] "C:\Users\Justin Sidwell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\JUSTIN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Justin Sidwell\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{07C7AB6D-61BF-417C-8263-713ADE83B628} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F9E98BE2-3828-45B7-A2B7-D61FD2EF7F5B} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - 
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-12-17 17720]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-2 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-2 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2012-12-23 109056]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-7 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-7 682344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-7-5 27136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2008-1-17 18816]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-7 24176]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2012-11-29 73552]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-3-2 1301504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2010-12-26 46136]
S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-7-5 35840]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-12-24 102368]
S3 G311N6;NETGEAR GA311 Gigabit Driver;C:\Windows\System32\drivers\G311N6.sys [2011-7-5 347680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-6 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-12-24 203104]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-6 57856]
S3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2012-3-4 13312]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-23 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-01-08 13:42:19  9125352  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED7B033D-3272-452F-8282-8326EA4A0269}\mpengine.dll
2013-01-08 12:39:25  0  ----a-w-  C:\Windows\System32\OLEPRO32.DLL
2013-01-08 12:39:25  0  ----a-w-  C:\Windows\System32\atiumdva.dll
2013-01-08 12:39:25  0  ----a-w-  C:\Windows\System32\atiumdag.dll
2013-01-08 12:39:25  0  ----a-w-  C:\Windows\System32\atiu9pag.dll
2013-01-08 12:39:25  0  ----a-w-  C:\Windows\System32\aticfx32.dll
2013-01-08 10:04:46  9125352  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-08 01:24:49  --------  d-----w-  C:\MATS
2013-01-07 17:37:26  24176  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2013-01-07 17:37:26  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-07 05:25:15  315904  ----a-w-  C:\Windows\SysWow64\Difx9cda.rra
2013-01-07 03:50:20  --------  d-----w-  C:\ProgramData\Spybot - Search & Destroy
2013-01-07 03:50:20  --------  d-----w-  C:\Program Files (x86)\Spybot - Search & Destroy
2013-01-06 22:50:22  --------  d-----w-  C:\Users\Justin Sidwell\AppData\Roaming\start
2013-01-06 08:31:17  --------  d-----w-  C:\Users\Justin Sidwell\AppData\Roaming\Malwarebytes
2013-01-06 08:30:53  --------  d-----w-  C:\ProgramData\Malwarebytes
2013-01-06 01:45:41  --------  d-----w-  C:\ProgramData\Kaspersky Lab
2013-01-06 01:45:41  --------  d-----w-  C:\Program Files (x86)\Kaspersky Lab
2013-01-05 12:38:12  --------  d-----w-  C:\Program Files (x86)\Resource Hacker
2013-01-05 06:23:15  --------  d-----w-  C:\Program Files (x86)\AMD AVT
2013-01-05 06:23:09  --------  d-----w-  C:\Program Files (x86)\AMD APP
2013-01-05 06:22:54  --------  d-----w-  C:\Program Files\Common Files\ATI Technologies
2013-01-05 06:22:54  --------  d-----w-  C:\Program Files (x86)\Common Files\ATI Technologies
2013-01-05 06:18:27  --------  d-----w-  C:\Program Files (x86)\ATI Technologies
2013-01-05 06:18:19  --------  d-----w-  C:\Program Files\ATI
2013-01-05 06:17:39  --------  d-----w-  C:\Program Files\ATI Technologies
2013-01-04 20:30:17  --------  d--h--w-  C:\Program Files (x86)\Zero G Registry
2013-01-04 20:30:17  --------  d-----w-  C:\Program Files (x86)\Skifta
2013-01-04 20:27:58  --------  d--h--w-  C:\Users\Justin Sidwell\InstallAnywhere
2013-01-04 20:27:57  --------  d-----w-  C:\tmp
2013-01-02 23:33:31  53248  ----a-r-  C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-01-01 15:45:09  16363960  ----a-w-  C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-01-01 10:08:34  --------  d-----w-  C:\Users\Justin Sidwell\AppData\Local\Logishrd
2012-12-28 07:12:47  --------  d-----w-  C:\Windows\pss
2012-12-27 18:53:20  --------  d-----w-  C:\Program Files (x86)\Radeon RAMDisk
2012-12-27 07:59:26  --------  d-----w-  C:\Program Files\LockHunter
2012-12-27 01:31:23  18960  ----a-w-  C:\Windows\System32\drivers\LNonPnP.sys
2012-12-27 01:25:58  --------  d-----w-  C:\Users\Justin Sidwell\AppData\Roaming\Logishrd
2012-12-26 08:24:36  13368  ----a-w-  C:\Windows\SysWow64\drivers\AsUpIO.sys
2012-12-26 04:51:33  972264  ------w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF887FDD-C14B-4F5D-9DCF-6ABC14527719}\gapaengine.dll
2012-12-25 09:28:05  9125352  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A8E69ADD-41CB-4D51-B163-46B0F9208C22}\mpengine.dll
2012-12-25 00:00:48  --------  d-----w-  C:\Windows\System32\catroot2
2012-12-24 15:15:51  --------  d-----w-  C:\Users\Justin Sidwell\AppData\Local\ElevatedDiagnostics
2012-12-24 07:27:09  203104  ----a-w-  C:\Windows\System32\drivers\ssudmdm.sys
[FONT=mceinline]2012-12-24 07:27:08102368----a-w-C:\Windows\System32\drivers\ssudbus.sys[/FONT]
[FONT=mceinline]2012-12-24 07:24:44--------d-----w-C:\Program Files (x86)\MarkAny[/FONT]
[FONT=mceinline]2012-12-23 15:40:09--------d-----w-C:\ProgramData\ASUS OC Profiles[/FONT]
[FONT=mceinline]2012-12-23 15:34:5824576----a-w-C:\Windows\SysWow64\AsIO.dll[/FONT]
[FONT=mceinline]2012-12-23 15:34:5813440----a-w-C:\Windows\SysWow64\drivers\AsIO.sys[/FONT]
[FONT=mceinline]2012-12-23 15:33:05225280----a-w-C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll[/FONT]
[FONT=mceinline]2012-12-23 12:26:52--------d-sh--w-C:\$RECYCLE.BIN[/FONT]
[FONT=mceinline]2012-12-23 11:15:38--------d-----w-C:\Program Files (x86)\AMD[/FONT]
[FONT=mceinline]2012-12-23 11:15:0416896----a-w-C:\Windows\AsTaskSched.dll[/FONT]
[FONT=mceinline]2012-12-23 10:44:40--------d-----w-C:\Users\Justin Sidwell\AppData\Local\Akamai[/FONT]
[FONT=mceinline]2012-12-21 20:35:3546080----a-w-C:\Windows\System32\atmlib.dll[/FONT]
[FONT=mceinline]2012-12-21 20:35:3534304----a-w-C:\Windows\SysWow64\atmlib.dll[/FONT]
[FONT=mceinline]2012-12-21 20:35:34367616----a-w-C:\Windows\System32\atmfd.dll[/FONT]
[FONT=mceinline]2012-12-21 20:35:33295424----a-w-C:\Windows\SysWow64\atmfd.dll[/FONT]
[FONT=mceinline]2012-12-21 04:13:33--------d-----w-C:\Program Files (x86)\ASUS[/FONT]
[FONT=mceinline]2012-12-18 05:28:5632600----a-w-C:\Windows\System32\SmartDefragBootTime.exe[/FONT]
[FONT=mceinline]2012-12-18 05:28:4617720----a-w-C:\Windows\System32\drivers\SmartDefragDriver.sys[/FONT]
[FONT=mceinline]2012-12-17 17:07:23--------d-----w-C:\ProgramData\AVAST Software[/FONT]
[FONT=mceinline]2012-12-17 17:07:23--------d-----w-C:\Program Files\AVAST Software[/FONT]
[FONT=mceinline]2012-12-16 06:33:15--------dc----w-C:\Users\Justin Sidwell\AppData\Local\MigWiz[/FONT]
[FONT=mceinline]2012-12-12 05:02:492048----a-w-C:\Windows\SysWow64\tzres.dll[/FONT]
[FONT=mceinline]2012-12-12 05:01:587680----a-w-C:\Windows\SysWow64\instnm.exe[/FONT]
[FONT=mceinline]2012-12-10 16:42:4995208----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll[/FONT]
[FONT=mceinline].[/FONT]
[FONT=mceinline]==================== Find3M ====================[/FONT]
[FONT=mceinline].[/FONT]
[FONT=mceinline]2013-01-07 05:04:18123704----a-w-C:\Windows\System32\drivers\jraid.sys[/FONT]
[FONT=mceinline]2013-01-01 15:45:1973656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[/FONT]
[FONT=mceinline]2013-01-01 15:45:19697272----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe[/FONT]
[FONT=mceinline]2012-12-10 16:42:35821736----a-w-C:\Windows\SysWow64\npdeployJava1.dll[/FONT]
[FONT=mceinline]2012-12-10 16:42:35746984----a-w-C:\Windows\SysWow64\deployJava1.dll[/FONT]
[FONT=mceinline]2012-12-02 09:26:50222720----a-w-C:\Windows\System32\clinfo.exe[/FONT]
[FONT=mceinline]2012-12-02 09:26:3276288----a-w-C:\Windows\System32\OpenVideo64.dll[/FONT]
[FONT=mceinline]2012-12-02 09:26:2865536----a-w-C:\Windows\SysWow64\OpenVideo.dll[/FONT]
[FONT=mceinline]2012-12-02 09:26:2464512----a-w-C:\Windows\System32\OVDecode64.dll[/FONT]
[FONT=mceinline]2012-12-02 09:26:2056320----a-w-C:\Windows\SysWow64\OVDecode.dll[/FONT]
[FONT=mceinline]2012-12-02 09:26:1034523136----a-w-C:\Windows\System32\amdocl64.dll[/FONT]
[FONT=mceinline]2012-12-02 09:21:2228738048----a-w-C:\Windows\SysWow64\amdocl.dll[/FONT]
[FONT=mceinline]2012-12-02 09:17:0254784----a-w-C:\Windows\System32\OpenCL.dll[/FONT]
[FONT=mceinline]2012-12-02 09:16:5850176----a-w-C:\Windows\SysWow64\OpenCL.dll[/FONT]
[FONT=mceinline]2012-12-02 08:31:345626536----a-w-C:\Windows\SysWow64\atiumdag.dll[/FONT]
[FONT=mceinline]2012-12-02 08:29:4811270656----a-w-C:\Windows\System32\drivers\atikmdag.sys[/FONT]
[FONT=mceinline]2012-12-02 08:17:1223455744----a-w-C:\Windows\System32\atio6axx.dll[/FONT]
[FONT=mceinline]2012-12-02 08:00:18163840----a-w-C:\Windows\System32\atiapfxx.exe[/FONT]
[FONT=mceinline]2012-12-02 07:59:5670144----a-w-C:\Windows\System32\coinst_9.01.8.dll[/FONT]
[FONT=mceinline]2012-12-02 07:58:4451200----a-w-C:\Windows\System32\aticalrt64.dll[/FONT]
[FONT=mceinline]2012-12-02 07:58:4246080----a-w-C:\Windows\SysWow64\aticalrt.dll[/FONT]
[FONT=mceinline]2012-12-02 07:58:3644544----a-w-C:\Windows\System32\aticalcl64.dll[/FONT]
[FONT=mceinline]2012-12-02 07:58:3444032----a-w-C:\Windows\SysWow64\aticalcl.dll[/FONT]
[FONT=mceinline]2012-12-02 07:58:2416082944----a-w-C:\Windows\System32\aticaldd64.dll[/FONT]
[FONT=mceinline]2012-12-02 07:57:5418979328----a-w-C:\Windows\SysWow64\atioglxx.dll[/FONT]
[FONT=mceinline]2012-12-02 07:54:0813703168----a-w-C:\Windows\SysWow64\aticaldd.dll[/FONT]
[FONT=mceinline]2012-12-02 07:50:46949248----a-w-C:\Windows\SysWow64\aticfx32.dll[/FONT]
[FONT=mceinline]2012-12-02 07:48:521137664----a-w-C:\Windows\System32\aticfx64.dll[/FONT]
[FONT=mceinline]2012-12-02 07:46:466684672----a-w-C:\Windows\SysWow64\atidxx32.dll[/FONT]
[FONT=mceinline]2012-12-02 07:41:444674048----a-w-C:\Windows\System32\atiumd6a.dll[/FONT]
[FONT=mceinline]2012-12-02 07:37:46442368----a-w-C:\Windows\System32\atidemgy.dll[/FONT]
[FONT=mceinline]2012-12-02 07:37:36548864----a-w-C:\Windows\System32\atieclxx.exe[/FONT]
[FONT=mceinline]2012-12-02 07:36:50240640----a-w-C:\Windows\System32\atiesrxx.exe[/FONT]
[FONT=mceinline]2012-12-02 07:35:26120320----a-w-C:\Windows\System32\atitmm64.dll[/FONT]
[FONT=mceinline]2012-12-02 07:35:1021504----a-w-C:\Windows\System32\atimuixx.dll[/FONT]
[FONT=mceinline]2012-12-02 07:35:0459392----a-w-C:\Windows\System32\atiedu64.dll[/FONT]
[FONT=mceinline]2012-12-02 07:35:0043520----a-w-C:\Windows\SysWow64\ati2edxx.dll[/FONT]
[FONT=mceinline]2012-12-02 07:29:303862528----a-w-C:\Windows\SysWow64\atiumdva.dll[/FONT]
[FONT=mceinline]2012-12-02 07:29:047378944----a-w-C:\Windows\System32\atidxx64.dll[/FONT]
[FONT=mceinline]2012-12-02 07:24:506781440----a-w-C:\Windows\System32\atiumd64.dll[/FONT]
[FONT=mceinline]2012-12-02 07:17:5456320----a-w-C:\Windows\System32\atimpc64.dll[/FONT]
[FONT=mceinline]2012-12-02 07:17:5456320----a-w-C:\Windows\System32\amdpcom64.dll[/FONT]
[FONT=mceinline]2012-12-02 07:17:4456832----a-w-C:\Windows\SysWow64\atimpc32.dll[/FONT]
[FONT=mceinline]2012-12-02 07:17:4456832----a-w-C:\Windows\SysWow64\amdpcom32.dll[/FONT]
[FONT=mceinline]2012-12-02 07:14:2853248----a-w-C:\Windows\System32\drivers\ati2erec.dll[/FONT]
[FONT=mceinline]2012-12-02 07:14:10619008----a-w-C:\Windows\System32\atiadlxx.dll[/FONT]
[FONT=mceinline]2012-12-02 07:14:00421888----a-w-C:\Windows\SysWow64\atiadlxy.dll[/FONT]
[FONT=mceinline]2012-12-02 07:13:4417920----a-w-C:\Windows\System32\atig6pxx.dll[/FONT]
[FONT=mceinline]2012-12-02 07:13:4214848----a-w-C:\Windows\SysWow64\atiglpxx.dll[/FONT]
[FONT=mceinline]2012-12-02 07:13:4214848----a-w-C:\Windows\System32\atiglpxx.dll[/FONT]
[FONT=mceinline]2012-12-02 07:13:3841984----a-w-C:\Windows\System32\atig6txx.dll[/FONT]
[FONT=mceinline]2012-12-02 07:13:3033280----a-w-C:\Windows\SysWow64\atigktxx.dll[/FONT]
[FONT=mceinline]2012-12-02 07:13:20546816----a-w-C:\Windows\System32\drivers\atikmpag.sys[/FONT]
[FONT=mceinline]2012-12-02 07:11:28130048----a-w-C:\Windows\System32\atiuxp64.dll[/FONT]
[FONT=mceinline]2012-12-02 07:11:20109568----a-w-C:\Windows\SysWow64\atiuxpag.dll[/FONT]
[FONT=mceinline]2012-12-02 07:11:14104448----a-w-C:\Windows\System32\atiu9p64.dll[/FONT]
[FONT=mceinline]2012-12-02 07:11:0483968----a-w-C:\Windows\SysWow64\atiu9pag.dll[/FONT]
[FONT=mceinline]2012-11-29 17:50:0673552----a-w-C:\Windows\System32\drivers\RAMDiskVE.sys[/FONT]
[FONT=mceinline]2012-11-22 03:26:403149824----a-w-C:\Windows\System32\win32k.sys[/FONT]
[FONT=mceinline]2012-11-14 06:11:442312704----a-w-C:\Windows\System32\jscript9.dll[/FONT]
[FONT=mceinline]2012-11-14 06:04:111392128----a-w-C:\Windows\System32\wininet.dll[/FONT]
[FONT=mceinline]2012-11-14 06:02:491494528----a-w-C:\Windows\System32\inetcpl.cpl[/FONT]
[FONT=mceinline]2012-11-14 05:57:46599040----a-w-C:\Windows\System32\vbscript.dll[/FONT]
[FONT=mceinline]2012-11-14 05:57:35173056----a-w-C:\Windows\System32\ieUnatt.exe[/FONT]
[FONT=mceinline]2012-11-14 05:52:402382848----a-w-C:\Windows\System32\mshtml.tlb[/FONT]
[FONT=mceinline]2012-11-14 02:09:221800704----a-w-C:\Windows\SysWow64\jscript9.dll[/FONT]
[FONT=mceinline]2012-11-14 01:58:151427968----a-w-C:\Windows\SysWow64\inetcpl.cpl[/FONT]
[FONT=mceinline]2012-11-14 01:57:371129472----a-w-C:\Windows\SysWow64\wininet.dll[/FONT]
[FONT=mceinline]2012-11-14 01:49:25142848----a-w-C:\Windows\SysWow64\ieUnatt.exe[/FONT]
[FONT=mceinline]2012-11-14 01:48:27420864----a-w-C:\Windows\SysWow64\vbscript.dll[/FONT]
[FONT=mceinline]2012-11-14 01:44:422382848----a-w-C:\Windows\SysWow64\mshtml.tlb[/FONT]
[FONT=mceinline]2012-11-09 05:45:092048----a-w-C:\Windows\System32\tzres.dll[/FONT]
[FONT=mceinline]2012-11-02 05:59:11478208----a-w-C:\Windows\System32\dpnet.dll[/FONT]
[FONT=mceinline]2012-11-02 05:11:31376832----a-w-C:\Windows\SysWow64\dpnet.dll[/FONT]
[FONT=mceinline]2012-10-29 18:10:024659712----a-w-C:\Windows\SysWow64\Redemption.dll[/FONT]
[FONT=mceinline]2012-10-29 18:09:2890112----a-w-C:\Windows\MAMCityDownload.ocx[/FONT]
[FONT=mceinline]2012-10-29 18:09:28330240----a-w-C:\Windows\MASetupCaller.dll[/FONT]
[FONT=mceinline]2012-10-29 18:09:2830568----a-w-C:\Windows\MusiccityDownload.exe[/FONT]
[FONT=mceinline]2012-10-29 18:09:26821824----a-w-C:\Windows\SysWow64\dgderapi.dll[/FONT]
[FONT=mceinline]2012-10-16 08:38:37135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll[/FONT]
[FONT=mceinline]2012-10-16 08:38:34350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll[/FONT]
[FONT=mceinline]2012-10-16 07:39:52561664----a-w-C:\Windows\apppatch\AcLayers.dll[/FONT]
[FONT=mceinline]2012-10-15 16:54:0025472----a-w-C:\Windows\System32\RegistryDefragBootTime.exe[/FONT]
[FONT=mceinline].[/FONT]
[FONT=mceinline]============= FINISH: 11:07:09.58 ===============[/FONT]
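
A helper reads a listing like the one above by eye, looking for the handful of entries that do not belong. The Python below is an added example for this thread (it is not part of DDS, ComboFix or the original post): it parses the one-entry-per-line "Files Created" / Find3M listings that both tools emit and applies a few triage heuristics that mirror what helpers look for, namely zero-byte DLLs or EXEs under \Windows, executable code sitting in a user profile or Temp folder, executables dropped straight into the drive or Windows root, and new top-level AppData\Roaming folders. The parser deliberately tolerates lines whose tab separators the forum stripped (such as "12:39:250----a-w-C:\..."), since the timestamp is fixed-width, the size is all digits and the attribute string has none. The sample listing is reconstructed from lines in this thread with the separators restored (one line is left in the fused form on purpose), plus one constructed Temp-folder line; the heuristics themselves are my assumptions, not anything DDS or ComboFix does.

```python
"""Triage helper for DDS / ComboFix "Files Created" and Find3M listings.

Added example for this thread; it is not part of DDS, ComboFix or the
original post.  The parsing rules and the triage heuristics are assumptions
that mirror what a malware-removal helper checks by eye.
"""
import re
from typing import Dict, List, Optional, Tuple

# One listing entry.  DDS:      <created> <size> <attrs> <path>
#                     ComboFix: <created> . <modified> <size> <attrs> <path>
# Separators are \s* rather than \t so that forum-mangled lines whose tabs were
# stripped (e.g. "12:39:250----a-w-C:\...") still parse: the timestamp has a
# fixed width, the size is all digits and the attribute string contains none.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?:\s*\.\s*(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r"\s*(?P<size>\d*)"
    r"\s*(?P<attrs>[-a-z]{8,16})"
    r"\s*(?P<path>[A-Za-z]:\\.*?)\s*$"
)

# Extensions Windows will load or execute; used by the heuristics below.
BINARY_EXT = {".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr", ".com"}


def parse_line(line: str) -> Optional[Dict]:
    """Return the fields of one entry, or None for headers and separators."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"]) if entry["size"] else None  # dirs have none
    entry["is_dir"] = "d" in entry["attrs"]  # e.g. "--------d-----w-"
    return entry


def _ext(path: str) -> str:
    """Lower-cased extension of the last path component, or '' if none."""
    dot, sep = path.rfind("."), path.rfind("\\")
    return path[dot:].lower() if dot > sep else ""


def triage(entry: Dict) -> List[str]:
    """Reasons (assumed heuristics) a helper would want this entry explained."""
    path = entry["path"]
    low = path.lower()
    parent = low[: low.rfind("\\")]
    binary = _ext(path) in BINARY_EXT
    reasons = []
    # 1. A zero-byte DLL/EXE under \Windows: no real installer leaves these.
    if binary and entry["size"] == 0 and "\\windows\\" in low:
        reasons.append("zero-byte binary in Windows directory")
    # 2. Executable code living in a user profile or a Temp folder.
    if binary and ("\\appdata\\" in low or "\\temp\\" in low):
        reasons.append("binary under user profile or Temp")
    # 3. Executables dropped straight into the drive root or C:\Windows itself.
    if binary and parent in ("c:", "c:\\windows"):
        reasons.append("binary directly in drive or Windows root")
    # 4. New top-level folder under AppData\Roaming (low priority: legitimate
    #    software creates these too, but each one should be accounted for).
    if entry["is_dir"] and re.search(r"\\appdata\\roaming\\[^\\]+$", low):
        reasons.append("new top-level AppData\\Roaming folder")
    return reasons


def triage_listing(text: str) -> List[Tuple[str, List[str]]]:
    """Parse a whole listing and return (path, reasons) for flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                flagged.append((entry["path"], reasons))
    return flagged


# Sample listing: lines taken from the DDS and ComboFix logs in this thread
# with the stripped column separators restored; the OLEPRO32 line is left in
# the fused form the forum rendered; the cpuz136 line is constructed.
SAMPLE_LISTING = r"""
2013-01-08 12:39:25  0  ----a-w-  C:\Windows\System32\aticfx32.dll
2013-01-08 01:24:49  --------d-----w-  C:\MATS
2013-01-06 22:50:22  --------d-----w-  C:\Users\Justin Sidwell\AppData\Roaming\start
2013-01-07 17:37:26  24176  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2013-01-08 12:39 . 2013-01-08 12:390----a-w-c:\windows\system32\OLEPRO32.DLL
2013-01-08 23:26 . 2013-01-08 23:26  --------d-----w-  c:\users\Guest\AppData\Local\temp
2012-10-29 18:09 . 2012-10-29 18:09  30568  ----a-w-  c:\windows\MusiccityDownload.exe
2013-01-07 20:00 . 2013-01-07 20:00  12345  ----a-w-  c:\users\Justin Sidwell\AppData\Local\Temp\cpuz136\cpuz136_x64.sys
"""

if __name__ == "__main__":
    for path, reasons in triage_listing(SAMPLE_LISTING):
        print(f"{path}\n    {'; '.join(reasons)}")
```

Run it against a full DDS or ComboFix log saved to disk and it reduces a few hundred lines to the handful worth asking about; the hits are prompts for a human, not verdicts, because a legitimate driver installer can leave a zero-byte stub and plenty of legitimate software creates its own AppData\Roaming folder.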
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


ComboFix scan

Please download ComboFix by sUBs from TechSpot.

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 13-01-08.01 - Justin Sidwell 01/08/2013 17:19:57.1.6 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.1727 [GMT -6:00]
Running from: c:\users\Justin Sidwell\Desktop\Project Mr. Clean\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Justin Sidwell\AppData\Roaming\Geanyz
c:\users\Justin Sidwell\AppData\Roaming\Geanyz\omguf.yle
c:\users\Justin Sidwell\AppData\Roaming\Start
c:\users\Justin Sidwell\AppData\Roaming\Start\temp_20E5ACDA\flash.10.0.32.18.ocx
c:\windows\SysWow64\local.txt
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))
.
.
2013-01-08 23:26 . 2013-01-08 23:26  --------d-----w-  c:\users\Guest\AppData\Local\temp
2013-01-08 23:26 . 2013-01-08 23:26  --------d-----w-  c:\users\Default\AppData\Local\temp
2013-01-08 13:42 . 2012-11-08 15:24  9125352  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED7B033D-3272-452F-8282-8326EA4A0269}\mpengine.dll
2013-01-08 12:39 . 2013-01-08 12:39  0  ----a-w-  c:\windows\system32\OLEPRO32.DLL
2013-01-08 12:39 . 2013-01-08 12:39  0  ----a-w-  c:\windows\system32\atiumdva.dll
2013-01-08 12:39 . 2013-01-08 12:39  0  ----a-w-  c:\windows\system32\atiumdag.dll
2013-01-08 12:39 . 2013-01-08 12:39  0  ----a-w-  c:\windows\system32\atiu9pag.dll
2013-01-08 12:39 . 2013-01-08 12:39  0  ----a-w-  c:\windows\system32\aticfx32.dll
2013-01-08 10:04 . 2012-11-08 15:24  9125352  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-08 01:24 . 2013-01-08 01:43  --------d-----w-  C:\MATS
2013-01-07 17:37 . 2013-01-07 17:37  --------d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-07 17:37 . 2012-12-14 22:49  24176  ----a-w-  c:\windows\system32\drivers\mbam.sys
2013-01-07 05:25 . 2009-07-14 01:15  315904  ----a-w-  c:\windows\SysWow64\Difx9cda.rra
2013-01-07 03:50 . 2013-01-07 03:58  --------d-----w-  c:\program files (x86)\Spybot - Search & Destroy
2013-01-07 03:50 . 2013-01-07 03:55  --------d-----w-  c:\programdata\Spybot - Search & Destroy
2013-01-06 08:31 . 2013-01-06 08:31  --------d-----w-  c:\users\Justin Sidwell\AppData\Roaming\Malwarebytes
2013-01-06 08:30 . 2013-01-06 08:30  --------d-----w-  c:\programdata\Malwarebytes
2013-01-06 01:45 . 2013-01-06 01:45  --------d-----w-  c:\programdata\Kaspersky Lab
2013-01-06 01:45 . 2013-01-06 01:45  --------d-----w-  c:\program files (x86)\Kaspersky Lab
2013-01-05 12:38 . 2013-01-06 12:08  --------d-----w-  c:\program files (x86)\Resource Hacker
2013-01-05 06:23 . 2013-01-05 06:23  --------d-----w-  c:\programdata\ATI
2013-01-05 06:23 . 2013-01-05 06:23  --------d-----w-  c:\program files (x86)\AMD AVT
2013-01-05 06:23 . 2013-01-05 06:23  --------d-----w-  c:\program files (x86)\AMD APP
2013-01-05 06:22 . 2013-01-05 06:22  --------d-----w-  c:\program files\Common Files\ATI Technologies
2013-01-05 06:22 . 2013-01-05 06:22  --------d-----w-  c:\program files (x86)\Common Files\ATI Technologies
2013-01-05 06:18 . 2013-01-05 06:18  --------d-----w-  c:\program files (x86)\ATI Technologies
2013-01-05 06:18 . 2013-01-05 06:18  --------d-----w-  c:\program files\ATI
2013-01-05 06:17 . 2013-01-05 06:22  --------d-----w-  c:\program files\ATI Technologies
2013-01-04 20:30 . 2013-01-05 05:59  --------d-----w-  c:\program files (x86)\Skifta
2013-01-04 20:30 . 2013-01-04 20:30  --------d--h--w-  c:\program files (x86)\Zero G Registry
2013-01-04 20:27 . 2013-01-04 20:27  --------d--h--w-  c:\users\Justin Sidwell\InstallAnywhere
2013-01-04 20:27 . 2013-01-04 20:27  --------d-----w-  C:\tmp
2013-01-02 23:33 . 2013-01-02 23:33  53248  ----a-r-  c:\users\Justin Sidwell\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-01-02 23:32 . 2013-01-02 23:32  --------d-----w-  c:\program files\Logitech
2013-01-02 23:31 . 2013-01-02 23:33  --------d-----w-  c:\program files\Common Files\LogiShrd
2013-01-01 15:45 . 2013-01-01 15:45  16363960  ----a-w-  c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-01 10:08 . 2013-01-01 10:08  --------d-----w-  c:\users\Justin Sidwell\AppData\Local\Logishrd
2012-12-30 01:11 . 2012-12-30 01:11  --------d-----w-  c:\program files (x86)\Google
2012-12-27 18:53 . 2012-12-27 18:55  --------d-----w-  c:\program files (x86)\Radeon RAMDisk
2012-12-27 07:59 . 2012-12-27 10:54  --------d-----w-  c:\program files\LockHunter
2012-12-27 01:32 . 2012-12-27 01:32  --------d-----w-  c:\users\Justin Sidwell\AppData\Roaming\Leadertech
2012-12-27 01:32 . 2012-12-27 01:32  --------d-----w-  c:\program files (x86)\Common Files\LogiShrd
2012-12-27 01:31 . 2013-01-03 00:27  18960  ----a-w-  c:\windows\system32\drivers\LNonPnP.sys
2012-12-27 01:30 . 2013-01-02 18:54  --------d-----w-  c:\programdata\Logitech
2012-12-27 01:29 . 2013-01-02 23:33  --------d-----w-  c:\programdata\Logishrd
2012-12-27 01:25 . 2012-12-27 01:35  --------d-----w-  c:\users\Justin Sidwell\AppData\Roaming\Logishrd
2012-12-27 01:25 . 2012-12-27 01:32  --------d-----w-  c:\users\Justin Sidwell\AppData\Roaming\Logitech
2012-12-26 08:24 . 2009-07-06 16:48  13368  ----a-w-  c:\windows\SysWow64\drivers\AsUpIO.sys
2012-12-26 04:51 . 2012-12-26 04:51  972264  ------w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF887FDD-C14B-4F5D-9DCF-6ABC14527719}\gapaengine.dll
2012-12-25 09:28 . 2012-11-19 07:01  9125352  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8E69ADD-41CB-4D51-B163-46B0F9208C22}\mpengine.dll
2012-12-25 00:00 . 2013-01-08 09:18  --------d-----w-  c:\windows\system32\catroot2
2012-12-24 15:15 . 2013-01-08 08:22  --------d-----w-  c:\users\Justin Sidwell\AppData\Local\ElevatedDiagnostics
2012-12-24 07:27 . 2012-09-20 04:35  203104  ----a-w-  c:\windows\system32\drivers\ssudmdm.sys
2012-12-24 07:27 . 2012-09-20 04:35  102368  ----a-w-  c:\windows\system32\drivers\ssudbus.sys
2012-12-24 07:24 . 2012-12-24 07:24  --------d-----w-  c:\program files (x86)\MarkAny
2012-12-23 15:40 . 2012-12-23 16:06  --------d-----w-  c:\programdata\ASUS OC Profiles
2012-12-23 15:34 . 2012-12-23 15:32  24576  ----a-w-  c:\windows\SysWow64\AsIO.dll
2012-12-23 15:34 . 2012-12-23 15:32  13440  ----a-w-  c:\windows\SysWow64\drivers\AsIO.sys
2012-12-23 15:33 . 2001-09-05 10:18  225280  ----a-w-  c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-12-23 11:15 . 2012-12-24 04:05  --------d-----w-  c:\program files (x86)\AMD
2012-12-23 11:15 . 2012-12-23 11:15  16896  ----a-w-  c:\windows\AsTaskSched.dll
2012-12-23 10:44 . 2013-01-06 12:08  --------d-----w-  c:\users\Justin Sidwell\AppData\Local\Akamai
2012-12-21 20:35 . 2012-12-16 17:11  46080  ----a-w-  c:\windows\system32\atmlib.dll
2012-12-21 20:35 . 2012-12-16 14:13  34304  ----a-w-  c:\windows\SysWow64\atmlib.dll
2012-12-21 20:35 . 2012-12-16 14:45  367616  ----a-w-  c:\windows\system32\atmfd.dll
2012-12-21 20:35 . 2012-12-16 14:13  295424  ----a-w-  c:\windows\SysWow64\atmfd.dll
2012-12-21 04:13 . 2013-01-07 04:42  --------d-----w-  c:\program files (x86)\ASUS
2012-12-20 10:39 . 2012-12-20 10:39  --------d-----w-  c:\programdata\Razer
2012-12-20 10:39 . 2012-12-20 10:39  --------d-----w-  c:\program files (x86)\Razer
2012-12-18 05:28 . 2012-05-09 00:34  32600  ----a-w-  c:\windows\system32\SmartDefragBootTime.exe
2012-12-18 05:28 . 2010-11-27 00:02  17720  ----a-w-  c:\windows\system32\drivers\SmartDefragDriver.sys
2012-12-17 17:09 . 2012-10-30 23:50  285328  ----a-w-  c:\windows\system32\aswBoot.exe
2012-12-17 17:07 . 2012-12-26 03:40  --------d-----w-  c:\programdata\AVAST Software
2012-12-17 17:07 . 2012-12-17 17:07  --------d-----w-  c:\program files\AVAST Software
2012-12-16 06:33 . 2013-01-08 08:12  --------dc----w-  c:\users\Justin Sidwell\AppData\Local\MigWiz
2012-12-12 05:02 . 2012-11-09 05:45  2048  ----a-w-  c:\windows\system32\tzres.dll
2012-12-12 05:01 . 2012-10-04 16:40  4096  ---ha-w-  c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-10 16:47 . 2013-01-08 09:18  --------d-----w-  c:\program files (x86)\Common Files\Java
2012-12-10 16:42 . 2012-12-10 16:42  95208  ----a-w-  c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-07 05:04 . 2012-09-17 21:05  123704  ----a-w-  c:\windows\system32\drivers\jraid.sys
2013-01-01 15:45 . 2012-04-05 03:18  697272  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-01 15:45 . 2011-05-18 16:46  73656  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 23:31 . 2010-07-23 20:24  67599240  ----a-w-  c:\windows\system32\MRT.exe
2012-12-10 16:42 . 2012-11-18 00:10  821736  ----a-w-  c:\windows\SysWow64\npdeployJava1.dll
2012-12-10 16:42 . 2010-09-07 02:31  746984  ----a-w-  c:\windows\SysWow64\deployJava1.dll
2012-12-02 09:26 . 2012-12-02 09:26  222720  ----a-w-  c:\windows\system32\clinfo.exe
2012-12-02 09:26 . 2012-12-02 09:26  76288  ----a-w-  c:\windows\system32\OpenVideo64.dll
2012-12-02 09:26 . 2012-12-02 09:26  65536  ----a-w-  c:\windows\SysWow64\OpenVideo.dll
2012-12-02 09:26 . 2012-12-02 09:26  64512  ----a-w-  c:\windows\system32\OVDecode64.dll
2012-12-02 09:26 . 2012-12-02 09:26  56320  ----a-w-  c:\windows\SysWow64\OVDecode.dll
2012-12-02 09:26 . 2012-12-02 09:26  34523136  ----a-w-  c:\windows\system32\amdocl64.dll
2012-12-02 09:21 . 2012-12-02 09:21  28738048  ----a-w-  c:\windows\SysWow64\amdocl.dll
2012-12-02 09:17 . 2012-12-02 09:17  54784  ----a-w-  c:\windows\system32\OpenCL.dll
2012-12-02 09:16 . 2012-12-02 09:16  50176  ----a-w-  c:\windows\SysWow64\OpenCL.dll
2012-12-02 08:31 . 2012-12-02 08:31  5626536  ----a-w-  c:\windows\SysWow64\atiumdag.dll
2012-12-02 08:29 . 2012-12-02 08:29  11270656  ----a-w-  c:\windows\system32\drivers\atikmdag.sys
2012-12-02 08:17 . 2012-12-02 08:17  23455744  ----a-w-  c:\windows\system32\atio6axx.dll
2012-12-02 08:00 . 2012-12-02 08:00  163840  ----a-w-  c:\windows\system32\atiapfxx.exe
2012-12-02 07:59 . 2012-12-02 07:59  70144  ----a-w-  c:\windows\system32\coinst_9.01.8.dll
2012-12-02 07:58 . 2012-12-02 07:58  51200  ----a-w-  c:\windows\system32\aticalrt64.dll
2012-12-02 07:58 . 2012-12-02 07:58  46080  ----a-w-  c:\windows\SysWow64\aticalrt.dll
2012-12-02 07:58 . 2012-12-02 07:58  44544  ----a-w-  c:\windows\system32\aticalcl64.dll
2012-12-02 07:58 . 2012-12-02 07:58  44032  ----a-w-  c:\windows\SysWow64\aticalcl.dll
2012-12-02 07:58 . 2012-12-02 07:58  16082944  ----a-w-  c:\windows\system32\aticaldd64.dll
2012-12-02 07:57 . 2012-12-02 07:57  18979328  ----a-w-  c:\windows\SysWow64\atioglxx.dll
2012-12-02 07:54 . 2012-12-02 07:54  13703168  ----a-w-  c:\windows\SysWow64\aticaldd.dll
2012-12-02 07:50 . 2012-12-02 07:50  949248  ----a-w-  c:\windows\SysWow64\aticfx32.dll
2012-12-02 07:48 . 2012-12-02 07:48  1137664  ----a-w-  c:\windows\system32\aticfx64.dll
2012-12-02 07:46 . 2012-12-02 07:46  6684672  ----a-w-  c:\windows\SysWow64\atidxx32.dll
2012-12-02 07:41 . 2012-12-02 07:41  4674048  ----a-w-  c:\windows\system32\atiumd6a.dll
2012-12-02 07:37 . 2012-12-02 07:37  442368  ----a-w-  c:\windows\system32\atidemgy.dll
2012-12-02 07:37 . 2012-12-02 07:37  548864  ----a-w-  c:\windows\system32\atieclxx.exe
2012-12-02 07:36 . 2012-12-02 07:36  240640  ----a-w-  c:\windows\system32\atiesrxx.exe
2012-12-02 07:35 . 2012-12-02 07:35  120320  ----a-w-  c:\windows\system32\atitmm64.dll
2012-12-02 07:35 . 2012-12-02 07:35  21504  ----a-w-  c:\windows\system32\atimuixx.dll
2012-12-02 07:35 . 2012-12-02 07:35  59392  ----a-w-  c:\windows\system32\atiedu64.dll
2012-12-02 07:35 . 2012-12-02 07:35  43520  ----a-w-  c:\windows\SysWow64\ati2edxx.dll
2012-12-02 07:29 . 2012-12-02 07:29  3862528  ----a-w-  c:\windows\SysWow64\atiumdva.dll
2012-12-02 07:29 . 2012-12-02 07:29  7378944  ----a-w-  c:\windows\system32\atidxx64.dll
2012-12-02 07:24 . 2012-12-02 07:24  6781440  ----a-w-  c:\windows\system32\atiumd64.dll
2012-12-02 07:17 . 2012-12-02 07:17  56320  ----a-w-  c:\windows\system32\atimpc64.dll
2012-12-02 07:17 . 2012-12-02 07:17  56320  ----a-w-  c:\windows\system32\amdpcom64.dll
2012-12-02 07:17 . 2012-12-02 07:17  56832  ----a-w-  c:\windows\SysWow64\atimpc32.dll
2012-12-02 07:17 . 2012-12-02 07:17  56832  ----a-w-  c:\windows\SysWow64\amdpcom32.dll
2012-12-02 07:14 . 2012-12-02 07:14  53248  ----a-w-  c:\windows\system32\drivers\ati2erec.dll
2012-12-02 07:14 . 2012-12-02 07:14  619008  ----a-w-  c:\windows\system32\atiadlxx.dll
2012-12-02 07:14 . 2012-12-02 07:14  421888  ----a-w-  c:\windows\SysWow64\atiadlxy.dll
2012-12-02 07:13 . 2012-12-02 07:13  17920  ----a-w-  c:\windows\system32\atig6pxx.dll
2012-12-02 07:13 . 2012-12-02 07:13  14848  ----a-w-  c:\windows\SysWow64\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13  14848  ----a-w-  c:\windows\system32\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13  41984  ----a-w-  c:\windows\system32\atig6txx.dll
2012-12-02 07:13 . 2012-12-02 07:13  33280  ----a-w-  c:\windows\SysWow64\atigktxx.dll
2012-12-02 07:13 . 2012-12-02 07:13  546816  ----a-w-  c:\windows\system32\drivers\atikmpag.sys
2012-12-02 07:11 . 2010-05-27 16:25  130048  ----a-w-  c:\windows\system32\atiuxp64.dll
2012-12-02 07:11 . 2012-12-02 07:11  109568  ----a-w-  c:\windows\SysWow64\atiuxpag.dll
2012-12-02 07:11 . 2012-09-28 01:11  104448  ----a-w-  c:\windows\system32\atiu9p64.dll
2012-12-02 07:11 . 2012-12-02 07:11  83968  ----a-w-  c:\windows\SysWow64\atiu9pag.dll
2012-11-29 17:50 . 2012-11-29 17:50  73552  ----a-w-  c:\windows\system32\drivers\RAMDiskVE.sys
2012-10-29 18:10 . 2012-11-17 21:22  4659712  ----a-w-  c:\windows\SysWow64\Redemption.dll
2012-10-29 18:09 . 2012-10-29 18:09  90112  ----a-w-  c:\windows\MAMCityDownload.ocx
2012-10-29 18:09 . 2012-10-29 18:09  330240  ----a-w-  c:\windows\MASetupCaller.dll
2012-10-29 18:09 . 2012-10-29 18:09  30568  ----a-w-  c:\windows\MusiccityDownload.exe
2012-10-29 18:09 . 2012-11-18 01:06  821824  ----a-w-  c:\windows\SysWow64\dgderapi.dll
2012-10-16 08:38 . 2012-12-01 23:16  135168  ----a-w-  c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-01 23:16  350208  ----a-w-  c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-01 23:16  561664  ----a-w-  c:\windows\apppatch\AcLayers.dll
2012-10-15 16:54 . 2012-11-26 05:27  25472  ----a-w-  c:\windows\system32\RegistryDefragBootTime.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32  129272  ----a-w-  c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32  129272  ----a-w-  c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32  129272  ----a-w-  c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-02 642216]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
.
c:\users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2012-12-23 109056]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 AODDriver;AODDriver;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver.sys [x]
R3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-10-01 35840]
R3 cpuz135;cpuz135; [x]
R3 cpuz136;cpuz136;c:\users\JUSTIN~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 G311N6;NETGEAR GA311 Gigabit Driver;c:\windows\system32\DRIVERS\G311N6.sys [2010-05-05 347680]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1255736]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 17720]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-02 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-02 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-02-05 27136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [2012-11-29 73552]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-03 1301504]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:45]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30 01:11]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30 01:11]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1928685942-4290284316-1684522420-1000Core.job
- c:\users\Justin Sidwell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-31 14:34]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1928685942-4290284316-1684522420-1000UA.job
- c:\users\Justin Sidwell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-31 14:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Six Engine - c:\program files (x86)\ASUS\EPU\EPU.exe
Wow6432Node-HKLM-Run-QFan Help - c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
Wow6432Node-HKLM-Run-JMB36X IDE Setup - c:\windows\RaidTool\xInsIDE.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1f,06,d0,c4,d5,aa,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-08 17:28:29
ComboFix-quarantined-files.txt 2013-01-08 23:28
.
Pre-Run: 367,655,559,168 bytes free
Post-Run: 368,093,306,880 bytes free
.
- - End Of File - - B981DD17DCBB72DF19375D29A5BAA3B1
 
Windows Update is prompting me to do something in the Action Center system tray. I'm going to ignore it, but thought I'd mention it.
 
Yeah, yesterday was "Patch Tuesday", the time of month when Microsoft releases their security updates. Let's do the following next please:

TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow it to run.

tdss_1.jpg


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg


------------------------

Click the Start Scan button.

tdss_3.jpg


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
Skip and click on Continue.


tdss_4.jpg


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


tdss_5.jpg



--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
It says Verify file digital signatures, not Verify driver digital signatures. I'll select it anyway as there are not many choices.
 
Also, the top part has 4 items: System Memory and Loaded modules are there in addition to what you pictured. I will wait to see what all should be done. Let me know. Can't figure out a way to include a screenshot other than via URL.
 
Four objects were listed, clicked continue as you said:
If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
Skip and click on Continue.
None of the files you listed above were mentioned, although all were unsigned as I recall.

After Continue, I now have the start screen again with the message "Suspicious objects were found". Nowhere is there a Scan results button. What now?

I clicked continue already, so where do I do this?

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed
 
13:01:39.0623 4188 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:01:40.0012 4188 ============================================================
13:01:40.0012 4188 Current date / time: 2013/01/09 13:01:40.0012
13:01:40.0012 4188 SystemInfo:
13:01:40.0012 4188
13:01:40.0012 4188 OS Version: 6.1.7601 ServicePack: 1.0
13:01:40.0012 4188 Product type: Workstation
13:01:40.0012 4188 ComputerName: TOWEROFPOWER10
13:01:40.0013 4188 UserName: Justin Sidwell
13:01:40.0013 4188 Windows directory: C:\Windows
13:01:40.0013 4188 System windows directory: C:\Windows
13:01:40.0013 4188 Running under WOW64
13:01:40.0013 4188 Processor architecture: Intel x64
13:01:40.0013 4188 Number of processors: 6
13:01:40.0013 4188 Page size: 0x1000
13:01:40.0013 4188 Boot type: Normal boot

OK, found Report button, got this log which is attached. Please be aware that I wasn't able to follow your steps exactly and may not have done things correctly and the program didn't match exactly what you described.
 

Attachment: TDSSKiller.2.8.15.0_09.01.2013_13.01.39_log.txt (137.6 KB)
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
A UAC pop-up occurred first; I said OK.
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
Something about stealth mode was also checked. I left it that way. It seemed to indicate an added memory check. Hope that's cool.
  • Click Scan (This scan can take several hours, so please be patient)
It's running now.
 
ESET Online Scan results:

C:\Users\Justin Sidwell\Downloads\Tweaks\Windows 7\cbsidlm-tr1_7-Windows_7_Logon_Background_Changer-SEO2-10971736.exe	Win32/DownloadAdmin.D application	cleaned by deleting - quarantined


This program I downloaded a few months ago to modify the background image on windows start up and shut down screens. The top link was the source, although I believe I first learned about it at CNet.com.

  1. Windows 7 Logon Background Changer - Customize your Windows ...

    www.julien-manici.com/windows_7_logon_background_chan...
    Windows 7 Logon Background Changer is a free open source software that let you change the wallpaper of the Windows 7 logon screen (also known as ...
    Download - 1012 comments - Source Code - License terms


  2. Windows 7 Logon Background Changer - CNET Download.com

    download.cnet.com › ... › Desktop Customization
    21 reviews - Windows
    Oct 12, 2009 – Windows 7 Logon Background Changer is a free open source software that lets you change the wallpaper of the Windows 7 login screen (also ...

To recap, there were a few discrepancies between the instructions and what I encountered while doing the process. This part (below) was never part of my process, since I was only offered a Continue button once, pressed it, and that took me back to the start screen for the TDSSKiller app.

Here's a summary of what to do if you would like to print it out:
If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
Skip and click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
 
The TDSSKiller program is a very complex program, and it says different things depending on the situation. We're hoping that our preset directions are easy enough, that at least partially computer-competent people can comprehend.

As for the detection, "Heuristics.Reserved.Word.Exploit" is a common false positive detection in Malwarebytes' Anti-Malware used simply to note when a file is out of its correct place. For example, when svchost.exe is the name for a file on the Desktop, it would be detected because its real location is in c:\windows\system32.

Otherwise, there are no other checks that are needed.
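The location heuristic the helper describes above, as an added illustration that is not Malwarebytes' code and not part of the original thread: it flags a file whose name is a well-known Windows system binary but whose directory is not the one that binary normally lives in (svchost.exe on the Desktop being the example given). The reserved-name table and the sample paths are assumptions constructed for the demo.

```python
# Added illustration of the "file out of its correct place" heuristic described
# above. Constructed example code, not Malwarebytes' detection logic; the
# reserved-name table and sample paths are assumptions made for the demo.
from pathlib import PureWindowsPath

# Assumed table: reserved binary name -> directories where it legitimately lives.
# Entries are lower-case and assume %SystemRoot% is C:\Windows.
RESERVED_LOCATIONS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}


def reserved_word_check(path):
    """Return None when the path is acceptable, otherwise a short reason string.

    The check is purely name-and-location based: it never inspects the file's
    contents or signature, which is why it trips on benign copies (installer
    caches, backups, WinSxX-style side-by-side stores) and why a hit is a
    prompt to look closer rather than proof of infection.
    """
    p = PureWindowsPath(path)
    name = p.name.lower()
    allowed = RESERVED_LOCATIONS.get(name)
    if allowed is None:
        return None  # not a reserved name, nothing to say
    parent = str(p.parent).lower()
    if parent in allowed:
        return None  # reserved name in its expected home
    return "%s found in %s; expected one of %s" % (name, p.parent, sorted(allowed))


def scan(paths):
    """Run the check over many paths and return (path, reason) pairs for hits."""
    findings = []
    for path in paths:
        reason = reserved_word_check(path)
        if reason is not None:
            findings.append((path, reason))
    return findings


# Constructed sample listing: two legitimate system files, one unrelated file,
# and two reserved names sitting where they do not belong.
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\explorer.exe",
    r"C:\Users\Example\Desktop\notes.txt",
    r"C:\Users\Example\Desktop\svchost.exe",
    r"C:\Users\Example\AppData\Local\Temp\lsass.exe",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE_PATHS):
        print(path, "->", reason)
```

Because the comparison is on name and directory only, a hit says nothing about the file's contents; a defender treats it as a reason to check the file's signature and hash, not as a verdict, which matches the helper's point that this detection is often a false positive.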
 
Do you mean we're done?

I'm being extra cautious. I just wanted you to be aware that I was presented with the screen where you can "cure" the detected files (4 were detected). But I hit "continue" here, based on how I read the instructions, and was then back at the beginning menu again. Wouldn't it make sense to run it again? What if one of them was curable? My computer was really messed up until last night when ComboFix finished running, so I know I was infected. What is the next step? I'll wait to hear back.
 
Tell you what, we'll do this last round here for remnants:

Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.


OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
PC is running at least 5 times faster than when we started. You rock.
I have to confess that I installed the recent batch of windows updates last night. Hope that wasn't totally stupid.

I'm curious what you've found in all these logs. Looks like there's some cleaning going on, but I'm only guessing.

Thanks,
Justin



# AdwCleaner v2.105 - Logfile created 01/10/2013 at 12:57:30
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Justin Sidwell - TOWEROFPOWER10
# Boot Mode : Normal
# Running from : C:\Users\Justin Sidwell\Desktop\Project Mr. Clean\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Justin Sidwell\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1118 octets] - [10/01/2013 12:57:30]

########## EOF - C:\AdwCleaner[S1].txt - [1178 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows 7 Professional x64
Ran by Justin Sidwell on Thu 01/10/2013 at 13:07:41.32
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}



~~~ Files

Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/10/2013 at 13:12:31.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL logfile created on: 1/10/2013 1:16:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin Sidwell\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.57 Gb Available Physical Memory | 69.67% Memory free
13.99 Gb Paging File | 11.44 Gb Available in Paging File | 81.76% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 353.05 Gb Free Space | 37.91% Space Free | Partition Type: NTFS
Drive E: | 848.31 Mb Total Space | 702.96 Mb Free Space | 82.87% Space Free | Partition Type: FAT32

Computer Name: TOWEROFPOWER10 | User Name: Justin Sidwell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/10 13:15:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin Sidwell\Desktop\OTL.exe
PRC - [2012/12/29 19:16:27 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/12/23 09:32:30 | 000,109,056 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2012/12/21 21:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Justin Sidwell\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010/01/22 11:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/03/30 00:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007/02/12 21:33:06 | 000,289,504 | ---- | M] () -- C:\Program Files (x86)\Netgear\WIN7_GA311\GA311.exe


========== Modules (No Company Name) ==========

MOD - [2009/03/30 00:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2007/02/26 15:32:42 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Netgear\WIN7_GA311\VistaRTL8169LibImp.dll
MOD - [2007/02/12 21:33:06 | 000,289,504 | ---- | M] () -- C:\Program Files (x86)\Netgear\WIN7_GA311\GA311.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/02 03:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/12/02 01:36:50 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/09/27 13:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/09 09:45:19 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/23 09:32:30 | 000,109,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/07 19:21:29 | 000,541,168 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/06 23:04:18 | 000,123,704 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/02 02:29:48 | 011,270,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/02 01:13:20 | 000,546,816 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/29 11:50:06 | 000,073,552 | ---- | M] (Dataram, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2012/09/19 22:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/09/19 22:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/05/14 00:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/02 00:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 00:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/24 15:36:24 | 000,431,176 | ---- | M] (BitDefender) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/05/05 07:01:32 | 000,347,680 | ---- | M] (Netgear) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\G311N6.sys -- (G311N6)
DRV:64bit: - [2010/03/02 19:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/22 11:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 11:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/30 19:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/29 19:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 19:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/01/17 15:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2007/02/05 08:44:58 | 000,027,136 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2006/12/12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Justin Sidwell\Downloads\misc
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 19 E7 90 BD F4 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7725A3FE-01BA-4C3A-A5DA-A5673F5921AA}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Justin Sidwell\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Justin Sidwell\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/19 05:56:43 | 000,000,000 | ---D | M]

[2012/11/19 05:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/19 05:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Justin Sidwell\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2013/01/08 17:26:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Justin Sidwell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (Reg Error: Value error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07C7AB6D-61BF-417C-8263-713ADE83B628}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E98BE2-3828-45B7-A2B7-D61FD2EF7F5B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[CONTINUED NEXT POST]
 
[CONTINUED] OTL LOG

========== Files/Folders - Created Within 30 Days ==========

[2013/01/10 13:15:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Justin Sidwell\Desktop\OTL.exe
[2013/01/10 13:07:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/10 13:07:21 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/10 02:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013/01/09 18:43:06 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\78583551.sys
[2013/01/09 13:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/01/08 17:56:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/08 17:28:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/08 17:18:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/08 17:18:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/08 17:18:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/08 17:18:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/08 17:17:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/08 10:52:53 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\Desktop\Project Mr. Clean
[2013/01/07 19:24:49 | 000,000,000 | ---D | C] -- C:\MATS
[2013/01/07 12:15:03 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\Desktop\MalwareBytes purchase info
[2013/01/07 11:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/07 11:37:26 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/07 11:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/06 21:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/06 21:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/01/06 02:31:17 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Malwarebytes
[2013/01/06 02:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/05 19:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/05 19:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/01/05 06:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
[2013/01/05 06:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker
[2013/01/05 00:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/01/05 00:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/01/05 00:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013/01/05 00:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013/01/05 00:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013/01/05 00:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/01/05 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013/01/05 00:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013/01/05 00:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/01/04 23:46:27 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\Desktop\Default_Shutdown
[2013/01/04 14:30:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2013/01/04 14:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skifta
[2013/01/04 14:27:58 | 000,000,000 | -H-D | C] -- C:\Users\Justin Sidwell\InstallAnywhere
[2013/01/04 14:27:57 | 000,000,000 | ---D | C] -- C:\tmp
[2013/01/04 00:08:51 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/01/02 17:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2013/01/01 05:33:15 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\Desktop\2_Second_Shutdown
[2013/01/01 04:08:34 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Local\Logishrd
[2012/12/29 19:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/29 19:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/12/28 01:12:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/12/27 12:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radeon RAMDisk
[2012/12/27 12:53:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Radeon RAMDisk
[2012/12/27 11:57:30 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2012/12/27 01:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2012/12/26 19:32:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2012/12/26 19:32:02 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Leadertech
[2012/12/26 19:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012/12/26 19:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012/12/26 19:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2012/12/26 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Logitech
[2012/12/26 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Logishrd
[2012/12/25 22:40:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012/12/25 22:40:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012/12/25 18:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/12/24 18:00:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2012/12/24 09:15:51 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Local\ElevatedDiagnostics
[2012/12/24 01:27:09 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012/12/24 01:27:08 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012/12/24 01:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/12/23 11:59:29 | 001,808,256 | ---- | C] (IObit) -- C:\Users\Justin Sidwell\Desktop\IObit Uninstaller.exe
[2012/12/23 09:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
[2012/12/23 05:15:44 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD
[2012/12/23 05:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2012/12/23 05:15:04 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
[2012/12/23 04:44:40 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Local\Akamai
[2012/12/23 02:07:29 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\Documents\SmartPack
[2012/12/23 02:06:21 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartPack
[2012/12/20 22:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012/12/20 04:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012/12/20 04:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012/12/17 23:28:56 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2012/12/17 23:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2012/12/17 11:09:02 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/12/17 11:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/12/17 11:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/12/17 07:41:19 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2012/12/16 00:33:15 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Local\MigWiz
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/10 13:15:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin Sidwell\Desktop\OTL.exe
[2013/01/10 13:08:59 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 13:08:59 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 13:02:07 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1928685942-4290284316-1684522420-1000UA.job
[2013/01/10 13:01:22 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/10 13:00:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/10 13:00:15 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 12:59:05 | 891,289,600 | ---- | M] () -- C:\RAMDisk.img
[2013/01/10 02:21:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/10 02:17:04 | 000,001,358 | ---- | M] () -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2013/01/10 02:10:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/09 20:57:58 | 000,296,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 20:43:13 | 000,737,204 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/09 20:43:13 | 000,622,314 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/09 20:43:13 | 000,105,552 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/09 19:38:32 | 000,048,436 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\slow shutdown ERRORS.png
[2013/01/09 18:43:06 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\78583551.sys
[2013/01/09 12:02:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1928685942-4290284316-1684522420-1000Core.job
[2013/01/08 17:26:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/08 06:49:21 | 008,196,304 | ---- | M] () -- C:\Users\Justin Sidwell\AppData\Local\census.cache
[2013/01/08 06:48:44 | 000,095,544 | ---- | M] () -- C:\Users\Justin Sidwell\AppData\Local\ars.cache
[2013/01/08 06:46:15 | 000,007,630 | ---- | M] () -- C:\Users\Justin Sidwell\AppData\Local\resmon.resmoncfg
[2013/01/08 06:39:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\OLEPRO32.DLL
[2013/01/08 06:39:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiumdva.dll
[2013/01/08 06:39:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiumdag.dll
[2013/01/08 06:39:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiu9pag.dll
[2013/01/08 06:39:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\aticfx32.dll
[2013/01/08 05:58:51 | 000,007,626 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\resource.ResmonCfg
[2013/01/07 20:18:35 | 000,000,123 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Microsoft Fix it.url
[2013/01/07 11:37:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/06 22:26:24 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2013/01/06 10:23:30 | 000,001,590 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\log.rtf
[2013/01/06 05:25:23 | 000,000,065 | ---- | M] () -- C:\Users\Justin Sidwell\AppData\Roaming\mbam.context.scan
[2013/01/05 02:49:27 | 000,000,146 | ---- | M] () -- C:\Users\Justin Sidwell\Documents\Audio Source.lnk
[2013/01/02 08:40:38 | 000,001,616 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\ReBoot Time.vbs - Shift ctrl R.lnk
[2013/01/02 08:38:42 | 000,001,573 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\hdmiOn.vbs - shift ctrl H.lnk
[2013/01/01 23:20:33 | 000,002,293 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Google Chrome.lnk
[2013/01/01 13:54:22 | 000,001,164 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\TOWEROFPOWER10 - Shortcut.lnk
[2013/01/01 11:10:09 | 000,000,104 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Control Panel - Shortcut.lnk
[2013/01/01 11:08:33 | 000,000,146 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\VIA HD Audio Deck - Shortcut (2).lnk
[2013/01/01 05:36:56 | 000,001,242 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Paint.lnk
[2013/01/01 05:36:51 | 000,001,304 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Notepad.lnk
[2013/01/01 05:32:53 | 000,001,064 | ---- | M] () -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/01 05:24:37 | 000,013,570 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\msconfig.exe - Shortcut.lnk
[2013/01/01 01:50:00 | 000,026,207 | ---- | M] () -- C:\Windows\SysNative\energy-report.html
[2013/01/01 01:50:00 | 000,026,207 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\energy-report.html
[2012/12/30 18:37:10 | 000,001,954 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Radeon RAMDisk Configuration Utility.lnk
[2012/12/30 09:08:29 | 000,000,351 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Network - Shortcut.lnk
[2012/12/29 23:11:35 | 000,110,923 | ---- | M] () -- C:\Users\Justin Sidwell\Documents\homegroup config.png
[2012/12/26 01:46:41 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/12/26 01:46:41 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/12/25 23:10:52 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/25 22:15:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/12/25 20:37:39 | 000,001,155 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Windows Update Troubleshooting Info.lnk
[2012/12/25 19:38:22 | 000,013,225 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Akamai NetSession Interface Control Panel (32-bit) - Shortcut.lnk
[2012/12/24 01:27:52 | 000,002,006 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Samsung Kies (Lite).lnk
[2012/12/23 11:59:32 | 001,808,256 | ---- | M] (IObit) -- C:\Users\Justin Sidwell\Desktop\IObit Uninstaller.exe
[2012/12/23 09:32:31 | 000,024,576 | ---- | M] () -- C:\Windows\SysWow64\AsIO.dll
[2012/12/23 09:32:31 | 000,013,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/12/23 05:17:06 | 000,730,423 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\TurboV EVO_AMD_EN.pdf
[2012/12/23 05:15:04 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll
[2012/12/23 05:07:07 | 000,028,788 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012/12/23 05:04:18 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2012/12/23 02:28:48 | 000,001,905 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\PLDS SmartPack Utility.lnk
[2012/12/21 14:21:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/12/19 21:27:03 | 000,002,396 | ---- | M] () -- C:\Users\Justin Sidwell\Documents\goo.rtf
[2012/12/19 02:05:54 | 000,000,262 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Run.lnk
[2012/12/17 23:28:45 | 000,001,216 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2012/12/17 11:04:10 | 000,000,937 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Downloads.lnk
[2012/12/17 06:41:26 | 000,002,003 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Turn Off Display.lnk
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/10 02:17:04 | 000,001,358 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2013/01/09 19:38:32 | 000,048,436 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\slow shutdown ERRORS.png
[2013/01/08 17:18:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/08 17:18:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/08 17:18:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/08 17:18:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/08 17:18:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/08 06:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\OLEPRO32.DLL
[2013/01/08 06:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiumdva.dll
[2013/01/08 06:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiumdag.dll
[2013/01/08 06:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiu9pag.dll
[2013/01/08 06:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\aticfx32.dll
[2013/01/08 05:58:51 | 000,007,626 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\resource.ResmonCfg
[2013/01/07 11:37:28 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/06 10:23:29 | 000,001,590 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\log.rtf
[2013/01/06 05:25:23 | 000,000,065 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Roaming\mbam.context.scan
[2013/01/05 02:49:27 | 000,000,146 | ---- | C] () -- C:\Users\Justin Sidwell\Documents\Audio Source.lnk
[2013/01/02 17:36:43 | 000,001,064 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/02 08:39:33 | 000,001,616 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\ReBoot Time.vbs - Shift ctrl R.lnk
[2013/01/02 08:37:23 | 000,001,573 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\hdmiOn.vbs - shift ctrl H.lnk
[2013/01/01 13:54:22 | 000,001,164 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\TOWEROFPOWER10 - Shortcut.lnk
[2013/01/01 11:10:09 | 000,000,104 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Control Panel - Shortcut.lnk
[2013/01/01 11:08:33 | 000,000,146 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\VIA HD Audio Deck - Shortcut (2).lnk
[2013/01/01 09:09:37 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/01 05:36:56 | 000,001,242 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Paint.lnk
[2013/01/01 05:36:51 | 000,001,304 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Notepad.lnk
[2013/01/01 05:28:26 | 000,002,293 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Google Chrome.lnk
[2013/01/01 05:24:37 | 000,013,570 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\msconfig.exe - Shortcut.lnk
[2013/01/01 01:50:21 | 000,026,207 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\energy-report.html
[2013/01/01 01:50:00 | 000,026,207 | ---- | C] () -- C:\Windows\SysNative\energy-report.html
[2012/12/30 18:37:10 | 000,001,954 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Radeon RAMDisk Configuration Utility.lnk
[2012/12/30 09:08:29 | 000,000,351 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Network - Shortcut.lnk
[2012/12/29 19:11:19 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/29 19:11:17 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/28 16:32:40 | 891,289,600 | ---- | C] () -- C:\RAMDisk.img
[2012/12/26 02:24:36 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012/12/26 01:46:39 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/12/26 01:46:39 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/12/25 22:15:41 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/12/25 19:38:22 | 000,013,225 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Akamai NetSession Interface Control Panel (32-bit) - Shortcut.lnk
[2012/12/24 09:15:42 | 000,001,155 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Windows Update Troubleshooting Info.lnk
[2012/12/24 05:41:54 | 000,296,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/24 01:27:52 | 000,002,006 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Samsung Kies (Lite).lnk
[2012/12/23 09:34:58 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/12/23 09:34:58 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/12/23 05:17:06 | 000,730,423 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\TurboV EVO_AMD_EN.pdf
[2012/12/23 05:04:18 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2012/12/23 05:04:18 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2012/12/23 02:06:21 | 000,001,905 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\PLDS SmartPack Utility.lnk
[2012/12/21 08:10:57 | 000,110,923 | ---- | C] () -- C:\Users\Justin Sidwell\Documents\homegroup config.png
[2012/12/19 21:27:03 | 000,002,396 | ---- | C] () -- C:\Users\Justin Sidwell\Documents\goo.rtf
[2012/12/19 03:54:17 | 000,000,123 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Microsoft Fix it.url
[2012/12/19 02:05:54 | 000,000,262 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Run.lnk
[2012/12/17 23:28:46 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2012/12/17 23:28:45 | 000,001,216 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2012/12/17 11:09:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/12/17 11:04:10 | 000,000,937 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Downloads.lnk
[2012/12/17 06:38:40 | 000,002,003 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Turn Off Display.lnk
[2012/10/29 12:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/09/27 19:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/09/27 19:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/09/26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/09/26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/14 08:30:09 | 008,196,304 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Local\census.cache
[2011/03/14 08:29:23 | 000,095,544 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Local\ars.cache
[2011/03/14 08:26:57 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/29 10:56:50 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/01/29 10:56:50 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/01/29 10:56:10 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/29 10:56:10 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/01/29 10:54:42 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010/08/27 13:25:27 | 000,000,036 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Local\housecall.guid.cache
[2010/08/23 20:05:32 | 000,001,024 | ---- | C] () -- C:\Users\Justin Sidwell\.rnd
[2010/08/05 18:04:20 | 000,007,630 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/10 13:02:14 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\Dropbox
[2012/11/07 05:35:38 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\Hellogramming
[2013/01/06 06:08:35 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\IObit
[2012/12/26 19:32:02 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\Leadertech
[2012/12/21 03:05:57 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\Razer
[2013/01/06 06:04:18 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\Samsung
[2012/11/08 14:36:02 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\TuneUp Software
[2012/03/01 20:05:55 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\Yxiqub

========== Purity Check ==========



< End of report >
 
Whoops. Here's an Extras report from OTL:

OTL Extras logfile created on: 1/10/2013 1:16:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin Sidwell\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.57 Gb Available Physical Memory | 69.67% Memory free
13.99 Gb Paging File | 11.44 Gb Available in Paging File | 81.76% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 353.05 Gb Free Space | 37.91% Space Free | Partition Type: NTFS
Drive E: | 848.31 Mb Total Space | 702.96 Mb Free Space | 82.87% Space Free | Partition Type: FAT32

Computer Name: TOWEROFPOWER10 | User Name: Justin Sidwell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{74B9815D-23D0-45CD-B91F-BD83410A01C5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B3C7E63-6213-4163-BCA0-FF338624395B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E892277-599B-42EA-8DDB-8EEC6BFBFC9D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB39E964-B85C-4E04-A056-03AB459D381D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BC6FD63B-4EDD-4B28-BE90-A36584C12F2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2F503E7-C9DE-4040-B22B-DEDFB2CAE2FA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D8262136-BFF4-4A70-852D-F8B55E8E11AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3FE4414-99AC-406B-948D-F38757BF4945}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE25C74F-E1C9-49CE-8D1D-30334708A3DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BBE61F9-218D-4F05-A3F1-2AE8877D41BD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E260DAF-138E-498D-8417-A2E666358CEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0E50A082-60AC-42FE-A151-DA3BFBB4C4FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1935253F-6E28-47AB-A280-0FEFC9DE3CB5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{29E05C0E-BC50-4938-A5CD-55646A6AE25C}" = protocol=6 | dir=out | app=system |
"{4B21CAC8-5469-492F-A276-56D7DA759A99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6ACE5C5C-FDAE-447C-A27A-78C8B0FCBB10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E321140-7185-47AE-8A50-69CBE99D9515}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{782C7E0D-AE78-4E46-88CD-12305E4ABEB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C0A7ABA-E400-4F9A-8EB4-943DF0EE9A68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{866BF922-8D62-4135-900D-92B476CA28B8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C58E478-32FA-4B72-813E-7C84971BFC0B}" = protocol=17 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{9D609E34-BE24-4E10-9E05-0D14FFE82AD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCCC80BF-E5F0-4572-9FA5-3F2789FC3D7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E64590E2-62FD-4543-8335-9F515C3FFCE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F493F87A-5EF9-4DDF-93FA-E852D19B2A37}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F7725F81-12E6-4CE3-B5FD-E1940213BB2D}" = protocol=6 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"TCP Query User{2D0E2674-9879-432D-907F-E7B9E3DF5E54}C:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D5FA5660-B415-4F39-967F-6BACC33CFFF4}C:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{50AD73D0-4191-4B97-AD47-28AD72790FEC}C:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{50F7D41B-735E-4F2F-BF15-AC93E5BEDF9D}C:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{065B40C5-5F4C-9CF1-7A21-2B2EAA74E44D}" = AMD Fuel
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DFDADCB2-8C17-E480-A8D5-724CEA1F0676}" = AMD Drag and Drop Transcoding
"{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"sp6" = Logitech SetPoint 6.32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04A55A34-4DC5-4919-8B88-FFA6CC7D6D20}" = Radeon RAMDisk
"{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean
"{2E6044C5-3495-485F-91BC-46D1B6430E51}" = Windows 7 Logon Background Changer
"{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish
"{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian
"{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common
"{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}" = AMD System Monitor
"{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy
"{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese
"{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech
"{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E7300DD-08A3-4B3F-AEE1-1450843FE86E}" = NETGEAR GA311 Gigabit Adapter
"{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek
"{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French
"{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish
"{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian
"{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = AMD VISION Engine Control Center
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish
"{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish
"{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Geekbench 2.4" = Geekbench 2.4
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"PlexUtil" = SmartPack 1.21.0
"Smart Defrag 2_is1" = Smart Defrag 2
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 620" = Portal 2
"VLC media player" = VLC media player 2.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"MusicManager" = Music Manager
"MyFreeCodec" = MyFreeCodec

< End of report >
 
Adware...

here's another fix for adware...

OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
    O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
    O2 - BHO: (no name) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - No CLSID value found.
    O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
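As an added illustration of what the O2 lines in the fix above represent (this is example code, not part of the thread and not part of OTL): the script below enumerates the Browser Helper Objects registered on the local machine and flags the orphaned ones, i.e. a BHO CLSID that has no matching key under HKEY_CLASSES_ROOT\CLSID, which is what OTL reports as "(no name) ... No CLSID value found". The registry paths are the standard BHO and CLSID locations; the function name Get-BhoStatus is my own.

```powershell
# Added example (not from the thread or from OTL): list registered BHOs and flag
# orphaned entries whose CLSID has no HKEY_CLASSES_ROOT\CLSID key. OTL logs the
# same condition as "No CLSID value found" / "Registry key ...\CLSID\{...} not found".
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    # 32-bit Internet Explorer on 64-bit Windows registers its BHOs under Wow6432Node
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoStatus {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $root) {
            $clsid    = $entry.PSChildName                       # e.g. {0347C33E-...}
            $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            $name = $null; $dll = $null
            # HKCR\CLSID merges HKLM and HKCU Software\Classes\CLSID, so a miss here
            # means no component is registered for this CLSID at all.
            $orphan = -not (Test-Path -LiteralPath $clsidKey)
            if (-not $orphan) {
                $name   = (Get-ItemProperty -LiteralPath $clsidKey).'(default)'
                $server = "$clsidKey\InProcServer32"
                if (Test-Path -LiteralPath $server) {
                    $dll = (Get-ItemProperty -LiteralPath $server).'(default)'
                }
            }
            [pscustomobject]@{
                Hive   = if ($root -like '*Wow6432Node*') { 'WOW64' } else { 'native' }
                CLSID  = $clsid
                Name   = if ($name) { $name } else { '(no name)' }
                DLL    = $dll
                Orphan = $orphan
            }
        }
    }
}

# Orphaned entries load nothing (no DLL is registered for the CLSID) and are leftover
# junk; entries that do point at a DLL are the ones worth checking (path, signature).
Get-BhoStatus | Sort-Object Orphan -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; reading these keys does not require elevation, but removing a BHO (as the OTL fix does) does.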
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Justin Sidwell\Desktop\Project Mr. Clean\cmd.bat deleted successfully.
C:\Users\Justin Sidwell\Desktop\Project Mr. Clean\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 50623 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 40359812 bytes
->Java cache emptied: 1198477 bytes
->Flash cache emptied: 58382 bytes

User: Justin Sidwell
->Temp folder emptied: 125126770 bytes
->Temporary Internet Files folder emptied: 120866546 bytes
->Java cache emptied: 35 bytes
->Google Chrome cache emptied: 246546990 bytes
->Flash cache emptied: 523 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1154 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 87959722 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4589064 bytes
RecycleBin emptied: 652 bytes

Total Files Cleaned = 598.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01102013_190614
 
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
I have no issues to report except one. Yesterday, after completing your instructions, my sys tray/notification bar only showed Action Center, home network and volume. The notification customize menu had everything blacked out. So I toggled the 'all on/off' option, said OK, restarted, and it was back to normal. That was the first restart since completing your scans. The PC continues to run faster than I can recall ever before. Is there a particular scan we can run which had previously found junk, to verify it does not find anything now? Just a thought. Again, I know nothing ;)
 