Solved DCOM Restart Issue

RogueKiller V8.8.1 _x64_ [Jan 14 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tim [Admin rights]
Mode : Scan [Aborted] -- Date : 01/14/2014 22:09:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[0]_S_01142014_220907.txt >>
RKreport[0]_D_01142014_220036.txt;RKreport[0]_S_01142014_215651.txt;RKreport[0]_S_01142014_220206.txt
RKreport[0]_S_01142014_220624.txt
 
Ok, tried it in regular mode and still froze. Gonna try to run it in safe mode to see if it helps anything.
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 14-01-16.03 - Tim 01/19/2014 16:24:33.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1913.765 [GMT -5:00]
Running from: c:\users\Tim\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\283243v8d800i561p685o6jha4j4
.
.
((((((((((((((((((((((((( Files Created from 2013-12-19 to 2014-01-19 )))))))))))))))))))))))))))))))
.
.
2014-01-19 01:41 . 2014-01-19 01:44 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-19 01:38 . 2014-01-19 01:38 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2014-01-17 23:50 . 2014-01-17 23:54 -------- d-----w- c:\users\Tim\AppData\Local\CrashDumps
2014-01-17 23:17 . 2014-01-17 23:17 888536 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2014-01-17 23:17 . 2014-01-17 23:17 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2014-01-17 23:17 . 2014-01-17 23:17 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2014-01-17 23:16 . 2014-01-17 23:16 -------- d-----w- c:\program files\Realtek
2014-01-17 23:16 . 2014-01-17 23:16 -------- d-----w- c:\windows\SysWow64\RTCOM
2014-01-17 23:13 . 2014-01-17 23:13 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
2014-01-17 23:08 . 2014-01-17 23:08 90112 ----a-w- c:\windows\system32\igfxCoIn_v2869.dll
2014-01-17 23:07 . 2014-01-17 23:07 32496 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2014-01-17 22:10 . 2014-01-17 22:10 -------- d-----w- c:\programdata\ProductData
2014-01-17 22:09 . 2014-01-17 22:09 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-01-17 22:09 . 2014-01-17 23:02 -------- d-----w- c:\programdata\IObit
2014-01-17 22:09 . 2014-01-17 23:01 -------- d-----w- c:\program files (x86)\IObit
2014-01-17 22:08 . 2014-01-17 23:01 -------- d-----w- c:\users\Tim\AppData\Roaming\IObit
2014-01-09 06:39 . 2014-01-09 06:39 -------- d-----w- C:\FRST
2014-01-04 19:53 . 2014-01-19 01:41 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-04 19:50 . 2014-01-04 19:50 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-04 00:02 . 2014-01-04 00:02 -------- d-----w- c:\users\Tim\AppData\Local\Opera Software
2014-01-04 00:02 . 2014-01-04 00:02 -------- d-----w- c:\users\Tim\AppData\Roaming\Opera Software
2014-01-04 00:01 . 2014-01-04 00:01 -------- d-----w- c:\program files (x86)\Opera
2014-01-03 22:53 . 2013-09-20 15:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-01-03 22:51 . 2014-01-04 00:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-01-03 17:06 . 2014-01-03 17:06 -------- d-----w- c:\users\Tim\AppData\Roaming\AVAST Software
2014-01-03 17:04 . 2014-01-03 17:05 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-03 17:04 . 2014-01-03 17:04 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-03 17:04 . 2014-01-03 17:04 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-03 17:04 . 2014-01-03 17:04 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-03 17:04 . 2014-01-03 17:04 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-03 17:04 . 2014-01-03 17:04 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-03 17:04 . 2014-01-03 17:04 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-03 17:04 . 2014-01-03 17:04 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-03 17:04 . 2014-01-03 17:04 43152 ----a-w- c:\windows\avastSS.scr
2014-01-03 17:02 . 2014-01-03 17:02 -------- d-----w- c:\program files\AVAST Software
2014-01-03 16:57 . 2014-01-03 16:57 -------- d-----w- c:\programdata\AVAST Software
2013-12-23 05:03 . 2013-12-23 05:05 -------- d-----w- C:\zsnesw151
2013-12-23 04:57 . 2013-12-23 04:57 -------- d-----w- c:\users\Mcx1-TIM-PC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 07:33 . 2011-11-25 18:15 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-17 23:08 . 2011-02-11 23:46 61952 ----a-w- c:\windows\system32\igfxsrvc.dll
2014-01-17 23:08 . 2011-02-12 00:09 571904 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2014-01-17 23:08 . 2009-07-13 21:59 4896768 ----a-w- c:\windows\SysWow64\igdumd32.dll
2014-01-17 23:08 . 2009-07-13 21:59 4722176 ----a-w- c:\windows\system32\igd10umd64.dll
2014-01-17 23:08 . 2011-02-11 23:45 108544 ----a-w- c:\windows\system32\hccutils.dll
2013-12-18 06:11 . 2013-12-18 06:11 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-12-10 20:34 . 2012-04-01 13:54 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 20:34 . 2011-11-25 23:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 20:33 . 2013-12-10 20:33 9293192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-12-04 03:28 . 2014-01-19 21:19 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99F25955-2595-48F9-93F1-A59A76209BBA}\mpengine.dll
2013-12-04 03:28 . 2014-01-17 22:22 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}]
2011-12-20 05:12 135680 ----a-w- c:\program files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jump Desktop"="c:\program files (x86)\Jump Desktop\JumpDesktop.exe" [2013-05-07 469032]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2013-12-18 2285344]
"BackgroundContainer"="c:\users\Tim\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-03 3764024]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-11-15 1861968]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys;c:\windows\SYSNATIVE\DRIVERS\ManyCam_x64.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys;c:\windows\SYSNATIVE\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys;c:\windows\SYSNATIVE\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys;c:\windows\SYSNATIVE\drivers\pctEFA64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys;c:\windows\SYSNATIVE\Drivers\PCTSD64.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 JumpDesktop;Jump Desktop Service;c:\program files (x86)\Jump Desktop\JumpService.exe;c:\program files (x86)\Jump Desktop\JumpService.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:34]
.
2014-01-17 c:\windows\Tasks\Driver Booster Scan.job
- c:\program files (x86)\IObit\Driver Booster\Scheduler.exe [2014-01-17 15:48]
.
2014-01-17 c:\windows\Tasks\Driver Booster Update.job
- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-01-17 16:01]
.
2014-01-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1653703331-2215413810-4147242134-1001Core.job
- c:\users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-13 16:03]
.
2014-01-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1653703331-2215413810-4147242134-1001UA.job
- c:\users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-13 16:03]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-20 03:21]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-20 03:21]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1653703331-2215413810-4147242134-1001Core.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 16:37]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1653703331-2215413810-4147242134-1001UA.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 16:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-01-17 22:10 2486592 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-03 17:04 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-10-01 497648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-17 163360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-17 387616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-17 418336]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-01-17 13662936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.plusnetwork.com/?sp=blatbf
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\1t83d977.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-MBAMSwissArmy
AddRemove-Smart Fortress 2012 - c:\programdata\529C50D80000297C00015534A60145BE\529C50D80000297C00015534A60145BE.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\Rundll32.exe
c:\windows\SysWOW64\TODDSrv.exe
c:\users\Tim\AppData\Local\Google\Update\Install\{BDD1C868-A425-4066-B40B-03E720421996}\33.0.1750.29_chrome_installer.exe
c:\users\Tim\AppData\Local\Temp\CR_21D20.tmp\setup.exe
c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
.
**************************************************************************
.
Completion time: 2014-01-19 16:58:44 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-19 21:58
.
Pre-Run: 120,211,156,992 bytes free
Post-Run: 119,435,972,608 bytes free
.
- - End Of File - - 087DDBDEA1938643FC4305FD8C5E9511
A36C5E4F47E84449FF07ED3517B43A31
 
Looks good.

How is computer doing?

Uninstall Advanced SystemCare.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
CPU still shoots up a bit and the physical memory is high too, though I don't run much on boot. But the DCOM error and Plug and Play errors have both stopped. Uninstalled Advanced System Care. Gonna try the programs you suggested.
 
# AdwCleaner v3.017 - Report created 19/01/2014 at 19:45:38
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tim - TIM-PC
# Running from : C:\Users\Tim\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Fast Free Converter
Folder Deleted : C:\Program Files (x86)\fbDownloader
Folder Deleted : C:\Program Files (x86)\SDIV 2.0
Folder Deleted : C:\Program Files (x86)\IMVU_Inc_C
Folder Deleted : C:\Users\Tim\AppData\Local\Babylon
Folder Deleted : C:\Users\Tim\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Tim\AppData\Local\Conduit
Folder Deleted : C:\Users\Tim\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Tim\AppData\Local\zManateeSA
Folder Deleted : C:\Users\Tim\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Tim\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tim\AppData\LocalLow\IMVU_Inc_C
Folder Deleted : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopdmcnionefjjnmchkiimificckpkif
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\1t83d977.default\user.js
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{1F30D846-4BEF-4246-B19E-7E503B0E6639}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{1F30D846-4BEF-4246-B19E-7E503B0E6639}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pollkeobaahnbmpcgombjfibedabcddd
Key Deleted : HKCU\Software\Google\Chrome\Extensions\oopdmcnionefjjnmchkiimificckpkif
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oopdmcnionefjjnmchkiimificckpkif
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\FBDownloader.BHO
Key Deleted : HKLM\SOFTWARE\Classes\FBDownloader.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\FBDownloader.DownloadPhoto
Key Deleted : HKLM\SOFTWARE\Classes\FBDownloader.DownloadPhoto.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{553318DA-D010-469E-84B1-496563CAE1BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{598B7D72-2C44-4351-BBC8-3DACE2A10CB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{671F1846-80F2-4ED8-B183-A921E6A4D5D4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{553318DA-D010-469E-84B1-496563CAE1BF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFFC903B-C692-4F93-B1B9-340491C766E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{653E5942-77F5-47EB-9DA4-22E563F3A907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\IMVU_Inc_C
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\IMVU_Inc_C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\1t83d977.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11377 octets] - [19/01/2014 19:21:34]
AdwCleaner[S0].txt - [11299 octets] - [19/01/2014 19:45:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11360 octets] ##########
 
OTL logfile created on: 1/19/2014 8:02:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.71% Memory free
3.74 Gb Paging File | 2.64 Gb Available in Paging File | 70.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 111.63 Gb Free Space | 47.95% Space Free | Partition Type: NTFS

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/19 19:15:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2014/01/03 12:03:51 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/03 12:03:50 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/14 19:48:30 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/07 11:42:30 | 000,469,032 | ---- | M] (Phase Five Systems) -- C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
PRC - [2013/05/07 11:23:54 | 000,007,680 | ---- | M] (Phase Five Systems) -- C:\Program Files (x86)\Jump Desktop\JumpService.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/10/20 13:40:00 | 000,128,416 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\SysWOW64\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/03 12:03:58 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/11/14 19:49:56 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/11/14 19:48:30 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/05/16 00:45:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/16 00:45:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/02/14 11:45:50 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/01/10 09:23:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 09:23:02 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 09:22:58 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013/01/10 09:22:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll
MOD - [2013/01/10 09:22:22 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 09:22:09 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/03 12:03:50 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/07/19 11:21:14 | 002,179,056 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/06/23 10:49:24 | 000,087,040 | ---- | M] (Highresolution Enterprises) [Auto | Running] -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe -- (XMouseButton Launcher)
SRV:64bit: - [2012/02/07 18:12:04 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Disabled | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2013/12/10 15:34:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 14:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/07 04:42:30 | 004,308,320 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/05/07 11:23:54 | 000,007,680 | ---- | M] (Phase Five Systems) [Auto | Running] -- C:\Program Files (x86)\Jump Desktop\JumpService.exe -- (JumpDesktop)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/20 13:40:00 | 000,128,416 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TODDSrv.exe -- (TODDSrv)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/18 20:41:22 | 000,117,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/01/17 18:17:47 | 000,888,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2014/01/17 18:08:44 | 010,629,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/01/17 18:07:34 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2014/01/04 14:50:09 | 000,089,304 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014/01/03 12:05:03 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/03 12:04:04 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/03 12:04:04 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/03 12:04:04 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/03 12:04:04 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/03 12:04:04 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/03 12:04:03 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/20 07:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 07:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/11 10:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/04/23 11:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 10:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 10:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2012/02/07 18:12:02 | 000,161,432 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/01/18 01:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 01:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/07 21:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 21:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/03/31 02:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/03/13 02:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007/11/09 08:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/05/14 19:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/30 16:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E E5 2C 44 BF AB CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3C210547-38CE-4EAD-8127-DE907C16C382}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=C976FE8D-31E7-4419-8C9B-E96231815209
IE - HKCU\..\SearchScopes\{8F4E7163-9ABB-49AA-9861-94401C1F938F}: "URL" = http://search.conduit.com/ResultsEx...4&ctid=CT3318151&CUI=UN31594737191294519&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledAddons: ALone-live%40ya.ru:1.4.4
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: nasanightlaunch%40example.com:0.6.20131217
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tim\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tim\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\autodesk.com/Autodesk123DShapes: C:\Users\Tim\AppData\Local\Autodesk\123DPlugins\Autodesk 123D Shapes321.0.129\npAutodesk123DShapes32.dll (Autodesk)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Tim\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbdownloader@KMcore: C:\Program Files (x86)\SDIV 2.0\Lib\xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/20 10:28:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/20 10:28:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{293B0DB5-9B68-11E1-826E-B8AC6F996F26}: C:\Users\Tim\AppData\Local\{293B0DB5-9B68-11E1-826E-B8AC6F996F26}\ [2012/05/11 07:52:37 | 000,000,000 | ---D | M]

[2014/01/03 19:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions
[2014/01/17 17:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\1t83d977.default\extensions
[2014/01/03 20:33:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\1t83d977.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/01/03 20:03:17 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\1t83d977.default\extensions\ALone-live@ya.ru
[2014/01/17 17:10:49 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\1t83d977.default\extensions\ascsurfingprotection@iobit.com
[2014/01/03 20:33:10 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\1t83d977.default\extensions\isreaditlater@ideashower.com
[2014/01/17 17:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\pbe9g5bx.default\extensions
[2014/01/17 17:10:53 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\pbe9g5bx.default\extensions\ascsurfingprotection@iobit.com
[2014/01/03 19:44:24 | 002,830,117 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\1t83d977.default\extensions\nasanightlaunch@example.com.xpi
[2014/01/03 20:33:10 | 000,290,572 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\1t83d977.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2014/01/03 20:16:59 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\1t83d977.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/03 19:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/20 10:28:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/20 10:28:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/12/20 10:28:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/12/20 10:28:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/12/20 10:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/20 10:28:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/01/03 19:41:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tim\AppData\Local\Google\Chrome\Application\32.0.1700.68\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tim\AppData\Local\Google\Chrome\Application\32.0.1700.68\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tim\AppData\Local\Google\Chrome\Application\32.0.1700.68\pdf.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Tim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Tim\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Turn Off the Lights = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.34_0\
CHR - Extension: WOT = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.4_0\
CHR - Extension: Adblock Plus = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: WOT Safe Search = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddcihbboebboehpkkdfdkhbodacmmfkk\2_0\
CHR - Extension: Tampermonkey = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.77_0\
CHR - Extension: Stylish = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2_0\
CHR - Extension: TweetDeck by Twitter = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.4.0_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.28_0\
CHR - Extension: Until AM Web App = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.204_0\
CHR - Extension: Google Play = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
CHR - Extension: Morpheon Dark = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad\2.0_0\
CHR - Extension: Google Translate = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Google Wallet = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Hover Zoom = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.26_0\
CHR - Extension: Iconized Bookmarks Popup = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\npgonnihpamikjkfckpolamefpniicak\1.8.3_0\
CHR - Extension: Click to shrink all links in the bookmarks-bar automatically into icons only. = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpcoijhnioeaopipiblnmjlckcbbfhm\1.0.0_0\
CHR - Extension: Instagram for Chrome = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.1.6_0\

O1 HOSTS File: ([2014/01/19 16:49:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Jump Desktop] C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe (Phase Five Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3A52576-225F-45F2-9EFB-7EF8ECC24B6C}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/23 20:54:33 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========

[2014/01/19 19:21:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/19 19:15:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2014/01/19 19:14:53 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Tim\Desktop\JRT.exe
[2014/01/19 19:09:35 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/01/19 16:49:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/01/19 16:44:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/19 16:20:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/19 16:20:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/19 16:20:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/19 16:17:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/19 16:16:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/19 16:15:02 | 005,167,985 | R--- | C] (Swearware) -- C:\Users\Tim\Desktop\ComboFix.exe
[2014/01/18 20:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/18 20:40:57 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\mbar
[2014/01/17 18:50:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\CrashDumps
[2014/01/17 18:17:47 | 000,888,536 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/01/17 18:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/01/17 18:16:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/01/17 18:14:15 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/01/17 18:14:13 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/01/17 18:14:13 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/01/17 18:14:13 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/01/17 18:14:13 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/01/17 18:14:12 | 000,722,688 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2014/01/17 18:14:12 | 000,244,480 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2014/01/17 18:14:11 | 001,014,016 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2014/01/17 18:14:11 | 000,897,792 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2014/01/17 18:14:10 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2014/01/17 18:14:10 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2014/01/17 18:14:10 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2014/01/17 18:14:10 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/01/17 18:14:01 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/01/17 18:14:01 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/01/17 18:14:01 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/01/17 18:14:01 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/01/17 18:13:59 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/01/17 18:13:58 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/01/17 18:13:56 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/01/17 18:13:56 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/01/17 18:13:56 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/01/17 18:13:56 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/01/17 18:13:55 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/01/17 18:13:54 | 005,753,112 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOlfx.dll
[2014/01/17 18:13:54 | 000,912,184 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOSettingsIPC.dll
[2014/01/17 18:13:49 | 000,907,008 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2014/01/17 18:13:49 | 000,662,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/01/17 18:13:48 | 001,286,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxSpeechAPO64.dll
[2014/01/17 18:13:47 | 003,899,648 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnN64.dll
[2014/01/17 18:13:45 | 027,644,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2014/01/17 18:13:44 | 014,153,984 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2014/01/17 18:13:44 | 001,922,304 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2014/01/17 18:13:43 | 002,036,992 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/01/17 18:13:42 | 001,345,280 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2014/01/17 18:13:42 | 001,013,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/01/17 18:13:42 | 000,790,272 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysWow64\MaxxAudioAPOShell.dll
[2014/01/17 18:13:41 | 001,084,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2014/01/17 18:13:41 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/01/17 18:13:41 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/01/17 18:13:40 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2014/01/17 18:13:35 | 002,743,328 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/01/17 18:13:35 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/01/17 18:13:35 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/01/17 18:13:35 | 000,501,184 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2014/01/17 18:13:35 | 000,487,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2014/01/17 18:13:35 | 000,415,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2014/01/17 18:13:34 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/01/17 18:13:34 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/01/17 18:13:34 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/01/17 18:13:34 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/01/17 18:13:34 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/01/17 18:13:34 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/01/17 18:13:34 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/01/17 18:13:33 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/01/17 18:13:33 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/01/17 18:13:33 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/01/17 18:13:32 | 006,217,904 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPP64A.dll
[2014/01/17 18:13:32 | 001,938,608 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPD64A.dll
[2014/01/17 18:13:32 | 000,313,520 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPO64A.dll
[2014/01/17 18:13:32 | 000,260,272 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPA64.dll
[2014/01/17 18:13:31 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/01/17 18:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2014/01/17 18:07:34 | 000,032,496 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys
[2014/01/17 17:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2014/01/17 17:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014/01/17 17:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2014/01/17 17:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/01/17 17:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014/01/17 17:08:23 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\IObit
[2014/01/09 01:39:19 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/04 14:53:10 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/04 14:50:08 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/04 10:48:21 | 012,582,688 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Tim\Desktop\mbar-1.07.0.1008.exe
[2014/01/03 19:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/01/03 19:02:14 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Opera Software
[2014/01/03 19:02:03 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Opera Software
[2014/01/03 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2014/01/03 17:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/01/03 17:53:30 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/01/03 17:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/01/03 12:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2014/01/03 12:06:07 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\AVAST Software
[2014/01/03 12:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/03 12:04:18 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/03 12:04:16 | 001,034,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/03 12:04:15 | 000,422,216 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/03 12:04:14 | 000,078,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/03 12:04:13 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/03 12:04:09 | 000,334,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/01/03 12:04:01 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/03 12:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/01/03 11:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/12/23 00:03:06 | 000,000,000 | ---D | C] -- C:\zsnesw151
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/19 20:08:06 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1653703331-2215413810-4147242134-1001UA.job
[2014/01/19 19:58:13 | 000,015,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/19 19:58:13 | 000,015,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/19 19:52:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1653703331-2215413810-4147242134-1001UA.job
[2014/01/19 19:49:48 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/19 19:49:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/19 19:48:09 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/19 19:47:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/19 19:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/19 19:15:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2014/01/19 19:15:09 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Tim\Desktop\JRT.exe
[2014/01/19 19:14:53 | 001,236,282 | ---- | M] () -- C:\Users\Tim\Desktop\adwcleaner.exe
[2014/01/19 16:49:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/19 16:15:09 | 005,167,985 | R--- | M] (Swearware) -- C:\Users\Tim\Desktop\ComboFix.exe
[2014/01/18 20:41:22 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/17 18:19:03 | 002,505,054 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2014/01/17 18:17:47 | 000,888,536 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/01/17 18:17:23 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2014/01/17 18:14:15 | 002,103,040 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/01/17 18:14:13 | 000,518,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/01/17 18:14:13 | 000,211,184 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/01/17 18:14:13 | 000,198,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/01/17 18:14:13 | 000,155,888 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/01/17 18:14:12 | 000,722,688 | ---- | M] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2014/01/17 18:14:12 | 000,244,480 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2014/01/17 18:14:11 | 001,014,016 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2014/01/17 18:14:11 | 000,897,792 | ---- | M] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2014/01/17 18:14:10 | 005,681,196 | ---- | M] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2014/01/17 18:14:10 | 000,221,024 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2014/01/17 18:14:10 | 000,081,248 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2014/01/17 18:14:10 | 000,078,688 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2014/01/17 18:14:10 | 000,074,064 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/01/17 18:14:01 | 000,375,128 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/01/17 18:14:01 | 000,204,120 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/01/17 18:14:01 | 000,101,208 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/01/17 18:14:01 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/01/17 18:13:59 | 000,693,329 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/01/17 18:13:59 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/01/17 18:13:59 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/01/17 18:13:56 | 007,164,176 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/01/17 18:13:56 | 000,434,960 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/01/17 18:13:56 | 000,141,584 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/01/17 18:13:56 | 000,124,176 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/01/17 18:13:56 | 000,075,024 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/01/17 18:13:55 | 000,912,184 | ---- | M] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOSettingsIPC.dll
[2014/01/17 18:13:54 | 005,753,112 | ---- | M] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOlfx.dll
[2014/01/17 18:13:49 | 001,286,400 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxSpeechAPO64.dll
[2014/01/17 18:13:49 | 000,907,008 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2014/01/17 18:13:49 | 000,662,784 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/01/17 18:13:47 | 027,644,160 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2014/01/17 18:13:47 | 003,899,648 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnN64.dll
[2014/01/17 18:13:45 | 014,153,984 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2014/01/17 18:13:44 | 002,036,992 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/01/17 18:13:44 | 001,922,304 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2014/01/17 18:13:42 | 001,345,280 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2014/01/17 18:13:42 | 001,084,160 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2014/01/17 18:13:42 | 001,013,504 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/01/17 18:13:42 | 000,790,272 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysWow64\MaxxAudioAPOShell.dll
[2014/01/17 18:13:41 | 000,663,296 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/01/17 18:13:41 | 000,318,808 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/01/17 18:13:40 | 000,603,984 | ---- | M] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2014/01/17 18:13:36 | 002,743,328 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/01/17 18:13:35 | 001,756,264 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/01/17 18:13:35 | 000,712,296 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/01/17 18:13:35 | 000,693,352 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/01/17 18:13:35 | 000,501,184 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2014/01/17 18:13:35 | 000,487,360 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2014/01/17 18:13:35 | 000,415,680 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2014/01/17 18:13:34 | 001,568,360 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/01/17 18:13:34 | 000,491,112 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/01/17 18:13:34 | 000,432,744 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/01/17 18:13:34 | 000,428,648 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/01/17 18:13:34 | 000,242,792 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/01/17 18:13:34 | 000,242,792 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/01/17 18:13:34 | 000,241,768 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/01/17 18:13:33 | 006,217,904 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\DDPP64A.dll
[2014/01/17 18:13:33 | 001,486,952 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/01/17 18:13:33 | 000,728,680 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/01/17 18:13:32 | 001,938,608 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\DDPD64A.dll
[2014/01/17 18:13:32 | 000,313,520 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\DDPO64A.dll
[2014/01/17 18:13:32 | 000,260,272 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\DDPA64.dll
[2014/01/17 18:13:31 | 000,605,496 | ---- | M] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/01/17 18:13:31 | 000,113,576 | ---- | M] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/01/17 18:13:30 | 000,109,848 | ---- | M] () -- C:\Windows\SysNative\AcpiServiceVnA64.dll
[2014/01/17 18:08:53 | 000,005,448 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2014/01/17 18:08:46 | 000,004,096 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2014/01/17 18:08:39 | 000,104,044 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2014/01/17 18:08:39 | 000,000,259 | ---- | M] () -- C:\Windows\SysNative\GfxUI.exe.config
[2014/01/17 18:08:38 | 000,189,552 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2014/01/17 18:08:38 | 000,178,407 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2014/01/17 18:08:38 | 000,165,395 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2014/01/17 18:08:38 | 000,139,909 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2014/01/17 18:08:38 | 000,136,401 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2014/01/17 18:08:38 | 000,133,746 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2014/01/17 18:08:38 | 000,125,558 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2014/01/17 18:08:38 | 000,123,230 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2014/01/17 18:08:38 | 000,122,927 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2014/01/17 18:08:38 | 000,122,709 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2014/01/17 18:08:38 | 000,121,173 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2014/01/17 18:08:38 | 000,120,800 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2014/01/17 18:08:38 | 000,120,366 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2014/01/17 18:08:38 | 000,119,616 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2014/01/17 18:08:38 | 000,119,586 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2014/01/17 18:08:38 | 000,119,360 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2014/01/17 18:08:38 | 000,119,067 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2014/01/17 18:08:38 | 000,118,745 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2014/01/17 18:08:38 | 000,118,697 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2014/01/17 18:08:38 | 000,118,409 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2014/01/17 18:08:38 | 000,118,058 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2014/01/17 18:08:38 | 000,114,852 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2014/01/17 18:08:38 | 000,114,372 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2014/01/17 18:08:38 | 000,114,261 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2014/01/17 18:08:38 | 000,110,211 | ---- | M] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2014/01/17 18:08:38 | 000,102,883 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2014/01/17 18:08:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2014/01/17 18:07:34 | 000,032,496 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys
[2014/01/17 18:01:53 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/01/17 18:01:53 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\Driver Booster Scan.job
[2014/01/17 17:00:55 | 004,923,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/16 22:49:02 | 000,007,602 | ---- | M] () -- C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
[2014/01/14 21:29:23 | 004,406,272 | ---- | M] () -- C:\Users\Tim\Desktop\RogueKillerX64 (1).exe
[2014/01/11 17:54:52 | 000,779,518 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/11 17:54:52 | 000,660,818 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/11 17:54:52 | 000,121,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/11 13:49:02 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err
[2014/01/04 20:23:13 | 000,003,400 | ---- | M] () -- C:\bootsqm.dat
[2014/01/04 14:50:09 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/04 10:49:26 | 012,582,688 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Tim\Desktop\mbar-1.07.0.1008.exe
[2014/01/03 19:41:52 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/03 17:54:12 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/01/03 12:05:03 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/03 12:04:04 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/03 12:04:04 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/03 12:04:04 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/01/03 12:04:04 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/03 12:04:04 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/03 12:04:04 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/03 12:04:03 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/03 12:04:01 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/03 11:08:42 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1653703331-2215413810-4147242134-1001Core.job
[2014/01/02 21:59:32 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1653703331-2215413810-4147242134-1001Core.job
[2013/12/31 18:12:35 | 000,012,764 | ---- | M] () -- C:\Users\Tim\Documents\chrismikoprofin2.rtf
[2013/12/31 17:21:48 | 000,003,889 | ---- | M] () -- C:\Users\Tim\Documents\chrismikoprofin.rtf
[2013/12/22 23:56:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/19 19:14:39 | 001,236,282 | ---- | C] () -- C:\Users\Tim\Desktop\adwcleaner.exe
[2014/01/19 16:20:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/19 16:20:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/19 16:20:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/19 16:20:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/19 16:20:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/17 18:17:23 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/01/17 18:14:10 | 005,681,196 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2014/01/17 18:13:59 | 000,693,329 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/01/17 18:13:30 | 000,605,496 | ---- | C] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/01/17 18:13:30 | 000,109,848 | ---- | C] () -- C:\Windows\SysNative\AcpiServiceVnA64.dll
[2014/01/17 18:08:53 | 000,005,448 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2014/01/17 18:08:46 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2014/01/17 18:08:39 | 000,000,259 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2014/01/17 18:08:38 | 000,189,552 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2014/01/17 18:08:38 | 000,178,407 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2014/01/17 18:08:38 | 000,165,395 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2014/01/17 18:08:38 | 000,139,909 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2014/01/17 18:08:38 | 000,136,401 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2014/01/17 18:08:38 | 000,133,746 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2014/01/17 18:08:38 | 000,125,558 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2014/01/17 18:08:38 | 000,123,230 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2014/01/17 18:08:38 | 000,122,927 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2014/01/17 18:08:38 | 000,122,709 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2014/01/17 18:08:38 | 000,121,173 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2014/01/17 18:08:38 | 000,120,800 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2014/01/17 18:08:38 | 000,120,366 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2014/01/17 18:08:38 | 000,119,616 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2014/01/17 18:08:38 | 000,119,586 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2014/01/17 18:08:38 | 000,119,360 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2014/01/17 18:08:38 | 000,119,067 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2014/01/17 18:08:38 | 000,118,745 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2014/01/17 18:08:38 | 000,118,697 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2014/01/17 18:08:38 | 000,118,409 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2014/01/17 18:08:38 | 000,118,058 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2014/01/17 18:08:38 | 000,114,852 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2014/01/17 18:08:38 | 000,114,372 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2014/01/17 18:08:38 | 000,114,261 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2014/01/17 18:08:38 | 000,110,211 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2014/01/17 18:08:38 | 000,104,044 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2014/01/17 18:08:38 | 000,102,883 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2014/01/17 18:08:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2014/01/17 18:01:53 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/01/17 18:01:53 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\Driver Booster Scan.job
[2014/01/17 17:00:35 | 004,923,824 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/14 21:29:08 | 004,406,272 | ---- | C] () -- C:\Users\Tim\Desktop\RogueKillerX64 (1).exe
[2014/01/04 20:23:13 | 000,003,400 | ---- | C] () -- C:\bootsqm.dat
[2014/01/03 19:41:51 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/03 19:41:51 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/03 19:01:35 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2014/01/03 17:54:13 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/01/03 17:54:12 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/01/03 12:04:18 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/03 12:04:17 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/12/31 18:12:34 | 000,012,764 | ---- | C] () -- C:\Users\Tim\Documents\chrismikoprofin2.rtf
[2013/12/31 17:19:41 | 000,003,889 | ---- | C] () -- C:\Users\Tim\Documents\chrismikoprofin.rtf
[2013/12/22 23:56:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/11/14 13:16:01 | 000,000,720 | ---- | C] () -- C:\Users\Tim\AppData\Local\recently-used.xbel
[2013/07/09 11:06:10 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2013/05/04 10:01:19 | 000,000,132 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2013/02/05 16:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/02/05 16:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/02/05 16:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 16:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 16:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/24 08:10:52 | 000,003,584 | ---- | C] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/10 06:37:10 | 000,000,122 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Offre.ini
[2012/03/30 20:03:23 | 000,000,132 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/03/20 19:46:22 | 000,000,208 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/20 12:33:43 | 000,000,048 | ---- | C] () -- C:\Users\Tim\AppData\Local\TIM-PC.cfg
[2012/03/09 21:13:01 | 000,001,798 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/02/22 19:42:28 | 000,007,602 | ---- | C] () -- C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
[2011/12/12 14:43:44 | 000,011,138 | -HS- | C] () -- C:\Users\Tim\AppData\Local\283243v8d800i561p685o6jha4j4
[2011/11/26 20:26:46 | 000,000,132 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/25 17:08:03 | 000,000,467 | ---- | C] () -- C:\ProgramData\Desktop.lnk

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
 
[2013/10/17 18:26:21 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\.minecraft
[2014/01/03 12:06:07 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AVAST Software
[2012/04/24 18:39:02 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Blender Foundation
[2014/01/11 19:32:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Blueberry
[2011/12/20 16:46:31 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/01 14:00:40 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\com.w3i.FlipToast
[2013/11/02 14:40:32 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\HardTime
[2012/08/17 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Highresolution Enterprises
[2014/01/11 18:37:35 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\IMVU
[2013/07/26 18:50:20 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\IMVUClient
[2013/11/14 13:17:41 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\inkscape
[2014/01/17 18:01:53 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\IObit
[2012/03/14 08:35:43 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\join.me
[2011/11/25 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Leadertech
[2012/02/13 14:09:22 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\LogSys
[2011/12/27 12:37:29 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\LolClient
[2011/12/08 11:14:52 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Ludia
[2012/06/23 08:41:35 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ManyCam
[2011/12/31 09:31:55 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ooVoo Details
[2014/01/03 19:02:03 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Opera Software
[2013/08/02 08:13:29 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Origin
[2012/03/30 15:51:39 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PDAppFlex
[2013/05/03 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Phase Five Systems
[2013/01/28 17:29:41 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\RotMG.Production
[2013/01/02 23:35:52 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SecondLife
[2013/10/23 20:44:20 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SketchUp
[2013/11/08 22:43:30 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Spotify
[2012/05/18 06:22:06 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SystemRequirementsLab
[2013/01/04 22:38:11 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TeamViewer
[2011/12/27 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Temp
[2012/06/05 10:55:31 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TestApp
[2013/07/08 17:26:57 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Thunderbird
[2012/02/24 11:08:14 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Trillian
[2012/02/26 10:56:43 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Unity
[2012/08/09 13:37:52 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\WinBatch
[2012/02/01 21:52:55 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Winff
[2013/01/16 11:25:20 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\WorldPainter

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3

< End of report >
 
OTL Extras logfile created on: 1/19/2014 8:02:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.71% Memory free
3.74 Gb Paging File | 2.64 Gb Available in Paging File | 70.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 111.63 Gb Free Space | 47.95% Space Free | Partition Type: NTFS

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{055A809C-9DD6-4E53-B597-82177FA34971}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{07EAC4FE-B50F-4396-8654-D1958153CD70}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{0876FB3F-DAE7-4930-B053-A90FF677A0A8}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{176DC305-6F1F-4C26-9819-B64C48EFD073}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{18ADFFB0-D379-44BD-BF6D-B1F5515E6040}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3338D45F-7082-4490-8B56-F82E3920B495}" = rport=137 | protocol=17 | dir=out | app=system |
"{34A3CB08-35C5-403B-8D0B-2079C49E4C03}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{35D40476-969D-4C45-8CEB-BC451FC97F79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{388A0579-7F1F-4859-AE8E-BCC5FBBC3474}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{400167FD-8B20-4658-98E5-B2C6ECA56594}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{465A6BFF-BC02-45D3-957F-7244B4CABF9D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4EABB45C-D40A-45B9-ACFF-5BEE5208A67F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F14D16A-01F4-4FCD-B7D4-DC336A25D27C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{53DD3F41-23C8-4F13-9BEB-7F1C19F7867B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{5AF9B661-6795-4934-9CA5-83FB719809C9}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{6307CD2B-250C-4413-B0DA-0D1675A574B0}" = rport=138 | protocol=17 | dir=out | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{767A8536-6A7F-40BC-904E-3BB9D7D6E70F}" = rport=445 | protocol=6 | dir=out | app=system |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A6CA95A-2D79-47B6-B683-76E6DB5A7189}" = rport=139 | protocol=6 | dir=out | app=system |
"{9CCAB1A8-14A0-4811-B3A8-4C2E5B6A902A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9E65248D-AC78-415B-AA15-24DC416E8CAE}" = lport=445 | protocol=6 | dir=in | app=system |
"{A11C5A18-67C5-4993-9B9A-8F9C1E8E8E2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B5F2F63D-C3BF-4093-8756-D0CEA8314BCE}" = lport=137 | protocol=17 | dir=in | app=system |
"{B7FCF799-37E5-41C9-BB29-8DE6B8287B67}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0EFEF82-7233-40AC-900D-3C0879E2A6F3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D831F850-14A3-4C28-80FE-91F2D0EDB52F}" = lport=139 | protocol=6 | dir=in | app=system |
"{DA694FDA-A7CA-405C-91D6-10BF356372E5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7E925D2-97C7-4F09-8C14-988084E3C905}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0425F3CA-4454-42C5-A9D7-0725BC41E17B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{14110A10-99E9-4615-A251-5C4270D7C0CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1D4B75D1-2288-49F9-A125-06314B8D4503}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{28B2214B-F429-404F-B680-82475EB65A50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2CABD99A-E68A-44F3-B7A3-ACAD89C22AFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D9EE2E3-8935-46EE-9DE0-3388C782DEBF}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{3E9078A7-4D1D-4855-9ED4-2EBE11ED3234}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{412BEC5B-DDA3-4915-8CE3-381E5915E235}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4C4C6D6C-EB59-463A-915B-102C7FC42C22}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{587529D2-FD83-4ED3-888E-986C54083514}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5ED038A5-8545-4D48-96B5-5B675F707BDF}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6328A5C3-ECF9-4B21-9C71-E85A6D2D1D86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8050B96B-AB8F-4543-AB56-585FE3809E19}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{8360EFD0-6D2C-4E33-8183-BBED4543A85C}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E028673-86A1-4BC4-A15A-C08C3B581A01}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F17FC8C-CA40-45DD-9B58-198D9786BB72}" = protocol=6 | dir=out | app=system |
"{9299A109-5079-4A03-9EBC-55B2A1A8C03B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94BFB8D1-849B-4F1E-BF9E-EA0781234AD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99317FC4-72B0-4F75-AAEA-B54E73E692E5}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{A2A5E2DD-A7C8-454D-950F-4AED41011ABB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7DD89AE-19FC-4D95-B234-D3B5FD64A5BD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B58B9F58-53F5-4D6E-A15F-9C2104FD89F5}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C2969387-C889-4609-8625-A1591C43285F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C6C443B6-A258-4509-97FC-D2B3B9383201}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C7711E01-8193-4B1C-A8A8-9D4464D11411}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C99D1207-86A7-4A9F-8666-CC507EF158BB}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{CD54E038-4619-4DFB-87C9-2ADAA3888CDB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D05B2A57-A6A6-40B8-A034-5FE716519879}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4607E6B-8450-41D0-B048-A79D5C94EB56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB412ADE-0F1E-4805-85A3-113F58E3167E}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E945D925-3962-4AC4-B806-FB1A99D6C8E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5DEBF8E-DBF1-4537-AAE8-127989A539B6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{77810596-A6BC-4474-826C-2AC758694D36}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{4752EDA8-D918-4BA2-BF8D-41062FF57DB1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C7311329-C491-427B-8880-133E84869B3A}" = Vista Shortcut Manager x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}" = TightVNC
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Sandboxie" = Sandboxie 3.64 (64-bit)
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052B-02A4-4627-81F2-1818DA5D550D}" = Microsoft Visual C++ 2005 Redistributable
"{73E80655-FB3C-46F4-BE00-62D248BC490A}" = Visual C++ 2008 Runtime (x64)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C9644-9F82-44d3-B4CA-AC31F46F5882}" = Python 3.2.3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C9EBE06-8BA2-4AEB-BFD8-6614072FE75F}" = SamsungSimpleDownloaderTool for SPH-D710
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{904CD0E4-4B72-4CF7-9828-267C6678A22E}" = System Requirements Lab for Intel
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E4D695B-87A6-49A7-A36C-85F2E63B669D}" = FBDownloader IE Add-on
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}" = SAMSUNG USB Driver for Mobile Phones V5.16.0.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5CC77BE-BC5B-424E-8E45-DF60AFF7BE9C}" = Adobe Pixel Bender Toolkit 2
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E75634FB-B0FD-4759-AFC3-E494FC83F2DA}" = Jump Desktop
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AutoHotkey" = AutoHotkey 1.1.11.00
"Avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DivX Setup" = DivX Setup
"InstallShield_{8C9EBE06-8BA2-4AEB-BFD8-6614072FE75F}" = SamsungSimpleDownloaderTool for SPH-D710
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 18.0.1284.68" = Opera Stable 18.0.1284.68
"Origin" = Origin
"PrintProjects" = PrintProjects
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
"X-Mouse Button Control" = X-Mouse Button Control 2.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"SOE-DC Universe Online Live" = DC Universe Online Live
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/3/2014 7:22:39 PM | Computer Name = Tim-PC | Source = Application Hang | ID = 1002
Description = The program SDFiles.exe version 2.2.18.135 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1884 Start
Time: 01cf08d9232e943f Termination Time: 122 Application Path: C:\Program Files (x86)\Spybot
- Search & Destroy 2\SDFiles.exe Report Id: d72ff1d6-74cd-11e3-b795-002622eaeff3


Error - 1/3/2014 8:05:15 PM | Computer Name = Tim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: Flash64_11_9_900_170.ocx, version: 11.9.900.170,
time stamp: 0x529b76a2 Exception code: 0xc0000005 Fault offset: 0x0000000000824b55
Faulting
process id: 0x2a0 Faulting application start time: 0x01cf08c8f2cd2fb0 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash64_11_9_900_170.ocx
Report
Id: e2af930c-74d3-11e3-b795-002622eaeff3

Error - 1/19/2014 6:45:56 PM | Computer Name = Tim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SDUpdate.exe, version: 2.2.18.91, time
stamp: 0x51949fc0 Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time
stamp: 0x4cca139f Exception code: 0xc0000006 Fault offset: 0x00082ce8 Faulting process
id: 0x97c Faulting application start time: 0x01cf156653b9a153 Faulting application
path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Faulting module
path: C:\Program Files (x86)\Spybot - Search & Destroy 2\rtl150.bpl Report Id: 7529ddf2-815b-11e3-b8aa-002622eaeff3

Error - 1/19/2014 6:45:56 PM | Computer Name = Tim-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files (x86)\Spybot - Search
& Destroy 2\rtl150.bpl for one of the following reasons: there is a problem with
the network connection, the disk that the file is stored on, or the storage drivers
installed on this computer; or the disk is missing. Windows closed the program Update
because of this error. Program: Update File: C:\Program Files (x86)\Spybot - Search
& Destroy 2\rtl150.bpl The error value is listed in the Additional Data section.
User
Action 1. Open the file again. This situation might be a temporary problem that corrects
itself when the program runs again. 2. If the file still cannot be accessed and -
It is on the network, your network administrator should verify that there is not
a problem with the network and that the server can be contacted. - It is on a removable
disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted
into the computer. 3. Check and repair the file system by running CHKDSK. To run
CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt,
type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file
from a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value: C0000185
Disk
type: 3

[ System Events ]
Error - 1/19/2014 7:42:17 PM | Computer Name = Tim-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 1/19/2014 7:46:54 PM | Computer Name = Tim-PC | Source = NetBT | ID = 4321
Description = The name "TIM-PC :0" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.105 did
not allow the name to be claimed by this computer.

Error - 1/19/2014 7:46:59 PM | Computer Name = Tim-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C3A52576-225F-45F2-9EFB-7EF8ECC24B6C}
because another computer on the network has the same name. The server could not
start.

Error - 1/19/2014 7:46:59 PM | Computer Name = Tim-PC | Source = NetBT | ID = 4321
Description = The name "TIM-PC :20" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.105 did
not allow the name to be claimed by this computer.

Error - 1/19/2014 7:48:22 PM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly. It has done this
1 time(s).

Error - 1/19/2014 8:09:33 PM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 7 service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/19/2014 8:48:10 PM | Computer Name = Tim-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\tdcmdpst.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 1/19/2014 8:51:17 PM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly. It has done this
1 time(s).

Error - 1/19/2014 8:51:44 PM | Computer Name = Tim-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.104 did
not allow the name to be claimed by this computer.

Error - 1/19/2014 9:32:47 PM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.


< End of report >
 
I still need Junkware Removal Tool log.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
IE - HKCU\..\SearchScopes\{3C210547-38CE-4EAD-8127-DE907C16C382}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=C976FE8D-31E7-4419-8C9B-E96231815209
IE - HKCU\..\SearchScopes\{8F4E7163-9ABB-49AA-9861-94401C1F938F}: "URL" = http://search.conduit.com/ResultsEx...4&ctid=CT3318151&CUI=UN31594737191294519&UM=2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tim on Sun 01/19/2014 at 22:18:56.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yuna software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\messenger plus! for skype_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\messenger plus! for skype_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\plusskypeservice_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\plusskypeservice_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3C210547-38CE-4EAD-8127-DE907C16C382}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8F4E7163-9ABB-49AA-9861-94401C1F938F}



~~~ Files

Successfully deleted: [File] C:\Users\Tim\appdata\local\{293B0DB5-9B68-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Tim\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\yuna software"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0c551b16-1acb-5251-4b28-c404ed1a4fcc}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{3A3E66A2-64CD-4FBC-8EF1-F9ED414DFC6E}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{3FCA249E-B20B-402A-9839-946D46790B5A}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{40481A4C-95E8-47AF-96ED-BF982949EDAA}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{5052E43A-3915-4389-BA5B-77BD545422DB}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{5C5AB468-2822-42BF-8BED-FF5935E430CB}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{68054E73-F7BA-41E0-8C0F-7E6431422957}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{70C3A71D-18EB-44CA-AE96-6C86BF88BABE}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A6A3016D-A1E0-4ACA-96C5-BAD0DB4F0FF6}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C3B54F83-0B55-4FAC-A089-282B323A02AD}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E4E3C3D6-B8FC-431F-9C75-D874452CB667}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E8FEEEBC-FE5E-4F6F-A0BC-62394952BB32}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F00FE4D1-BFE2-41BF-880E-958E6D06D991}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F8F43705-311D-4A9B-96DB-A16294DDAF01}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{FA62757B-1E36-4AF1-86CF-83E3A44B7FC0}
Successfully deleted: [Folder] C:\Users\Tim\appdata\local\{293B0DB5-9B68-11E1-826E-B8AC6F996F26} [Trojan:JS/Medfos.A]



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\fbdownloader@kmcore



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/19/2014 at 22:33:01.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3C210547-38CE-4EAD-8127-DE907C16C382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C210547-38CE-4EAD-8127-DE907C16C382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8F4E7163-9ABB-49AA-9861-94401C1F938F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F4E7163-9ABB-49AA-9861-94401C1F938F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nexon.net/NxGame\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:0D786AE3 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Mcx1-TIM-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tim
->Temp folder emptied: 5866337 bytes
->Temporary Internet Files folder emptied: 57554756 bytes
->Java cache emptied: 1532982 bytes
->FireFox cache emptied: 28554354 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 436453 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11314 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 933009280 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 767 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 980.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: hedev

User: Mcx1-TIM-PC

User: Public

User: Tim
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: hedev

User: Mcx1-TIM-PC
->Flash cache emptied: 0 bytes

User: Public

User: Tim
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01192014_225407

Files\Folders moved on Reboot...
C:\Users\Tim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Process PID CPU Private Bytes Working Set Description Company Name Command Line
DivXUpdate.exe 2204 6,184 K 15,652 K DivX Update "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
EKPrinterSDK.exe 2496 1,660 K 5,016 K Status Monitor SDK for KODAK AiO Printer (32-Bit Intel(R) Pentium(TM) 4 Optimized Build) Eastman Kodak Company "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe"
hkcmd.exe 2032 2,588 K 9,424 K hkcmd Module Intel Corporation "C:\Windows\System32\hkcmd.exe"
igfxpers.exe 2040 1,784 K 6,228 K persistence Module Intel Corporation "C:\Windows\System32\igfxpers.exe"
lsm.exe 648 2,608 K 5,428 K
mbamscheduler.exe 2864 2,052 K 5,776 K Malwarebytes Anti-Malware Malwarebytes Corporation "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
msseces.exe 1728 5,668 K 13,892 K Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
procexp.exe 2648 2,576 K 7,712 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Tim\Desktop\ProcessExplorer\procexp.exe"
RAVCpl64.exe 712 7,792 K 10,088 K Realtek HD Audio Manager Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
smss.exe 344 372 K 1,012 K
spoolsv.exe 1884 6,100 K 11,312 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
SpotifyWebHelper.exe 1860 1,744 K 5,956 K SpotifyWebHelper Spotify Ltd "C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
svchost.exe 4384 5,440 K 11,240 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
svchost.exe 3712 2,084 K 5,508 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
svchost.exe 2460 1,640 K 5,192 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
svchost.exe 768 3,472 K 8,596 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe 1124 2,332 K 5,472 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k GPSvcGroup
taskeng.exe 2528 1,576 K 4,896 K
taskhost.exe 1892 2,760 K 6,512 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
UMVPFSrv.exe 1036 1,048 K 3,888 K Logitech User mode UMVPF service Logitech Inc. C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
wininit.exe 540 1,304 K 4,192 K
winlogon.exe 604 2,504 K 6,796 K
WLIDSVCM.EXE 3116 1,020 K 3,000 K
svchost.exe 1296 < 0.01 13,292 K 16,564 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
XMouseButtonSvc.exe 3272 < 0.01 1,032 K 3,444 K Windows service to run XMouseButtonControl with admin priviledges on any user session. Highresolution Enterprises C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
TODDSrv.exe 3008 < 0.01 1,116 K 4,024 K TDCSrv Application TOSHIBA Corporation C:\Windows\SysWOW64\TODDSrv.exe
EKAiOHostService.exe 2344 < 0.01 26,544 K 25,680 K EKAiOHostService Module for Kodak AiO Printers Eastman Kodak Company C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
WLIDSVC.EXE 2548 < 0.01 6,268 K 14,608 K "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
JumpDesktop.exe 988 0.01 26,116 K 29,852 K Jump Desktop Phase Five Systems "C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe" autorun
JumpService.exe 2288 0.01 24,260 K 21,140 K Jump Desktop Service Phase Five Systems "C:\Program Files (x86)\Jump Desktop\JumpService.exe"
svchost.exe 552 0.01 9,360 K 16,152 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 500 0.01 55,432 K 61,020 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
svchost.exe 848 0.02 4,000 K 7,740 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
services.exe 624 0.04 5,580 K 9,488 K
svchost.exe 1324 0.04 13,124 K 17,988 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
csrss.exe 488 0.04 2,072 K 4,404 K
tvnserver.exe 1796 0.04 2,056 K 5,608 K TightVNC Server GlavSoft LLC. "C:\Program Files\TightVNC\tvnserver.exe" -service
lsass.exe 640 0.04 4,620 K 11,652 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
c2c_service.exe 896 0.04 2,420 K 7,460 K Skype C2C Service Skype Technologies S.A. "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
audiodg.exe 2928 0.06 20,136 K 20,008 K
SDUpdSvc.exe 3304 0.07 8,824 K 15,912 K Spybot-S&D 2 Background update service Safer-Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
AvastUI.exe 2196 0.11 15,516 K 16,244 K avast! Antivirus AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
svchost.exe 2252 0.15 4,840 K 8,984 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
SearchIndexer.exe 3616 0.17 20,980 K 14,408 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
XMouseButtonControl.exe 3312 0.17 2,004 K 6,448 K
SDTray.exe 2212 0.21 11,580 K 20,416 K Spybot - Search & Destroy tray access Safer-Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
FlashPlayerPlugin_11_9_900_170.exe 4240 0.27 4,352 K 9,496 K Adobe Flash Player 11.9 r900 Adobe Systems, Inc. "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe" --proxy-stub-channel=Flash4980.62786650.18342 --host-broker-channel=Flash4980.62786650.1999 --host-pid=4980 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll"
taskmgr.exe 2692 0.31 2,352 K 8,772 K Windows Task Manager Microsoft Corporation taskmgr.exe /3
SDWSCSvc.exe 3488 0.33 5,276 K 9,788 K Windows Security Center integration. Safer-Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
svchost.exe 388 0.47 15,564 K 29,492 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe 268 0.48 26,700 K 23,692 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
explorer.exe 1560 0.66 36,956 K 52,680 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
firefox.exe 4980 0.72 252,000 K 279,524 K Firefox Mozilla Corporation "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
FlashPlayerPlugin_11_9_900_170.exe 3904 0.85 14,784 K 17,368 K Adobe Flash Player 11.9 r900 Adobe Systems, Inc. "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe" --channel=4240.005CF78C.594167206 --proxy-stub-channel=Flash4980.62786650.18342 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll" --host-npapi-version=27 --type=renderer
csrss.exe 548 1.03 2,036 K 10,588 K
System 4 1.90 196 K 3,288 K
SDFSSvc.exe 3052 1.95 24,168 K 27,356 K Spybot-S&D 2 Scanner Service Safer-Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
Interrupts n/a 1.98 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 1528 2.34 50,620 K 26,468 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
AvastSvc.exe 1452 3.72 41,424 K 19,080 K avast! Service AVAST Software "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
MsMpEng.exe 908 3.97 63,112 K 58,856 K Antimalware Service Executable Microsoft Corporation "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
procexp64.exe 2636 7.55 33,044 K 39,780 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Tim\Desktop\ProcessExplorer\procexp.exe"
System Idle Process 0 28.85 0 K 24 K
SDUpdate.exe 4228 41.36 8,904 K 15,564 K
 
It looks like Spybot is creating issues.
Uninstall it, restart computer and post fresh Process Explorer log.
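
One way to triage a Process Explorer export like the one above, as an added example that is not part of the original thread or of Process Explorer itself. It assumes the saved Procexp.txt is tab-separated with the column order shown in the log; the sample rows are constructed from rows in that log, and the function names are hypothetical.

```python
"""Triage a Process Explorer text export: rank by CPU, flag rows without metadata."""

HEADER = ("Process", "PID", "CPU", "Private Bytes", "Working Set",
          "Description", "Company Name", "Command Line")

# Constructed sample: rows copied from the first log in this thread and
# re-joined with tabs (assumption: the saved export is tab-separated).
ROWS = [
    ("lsm.exe", "648", "", "2,608 K", "5,428 K", "", "", ""),
    ("svchost.exe", "1296", "< 0.01", "13,292 K", "16,564 K",
     "Host Process for Windows Services", "Microsoft Corporation",
     r"C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork"),
    ("SDUpdSvc.exe", "3304", "0.07", "8,824 K", "15,912 K",
     "Spybot-S&D 2 Background update service", "Safer-Networking Ltd.",
     r'"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"'),
    ("SDTray.exe", "2212", "0.21", "11,580 K", "20,416 K",
     "Spybot - Search & Destroy tray access", "Safer-Networking Ltd.",
     r'"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"'),
    ("csrss.exe", "548", "1.03", "2,036 K", "10,588 K", "", "", ""),
    ("SDFSSvc.exe", "3052", "1.95", "24,168 K", "27,356 K",
     "Spybot-S&D 2 Scanner Service", "Safer-Networking Ltd.",
     r'"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"'),
    ("Interrupts", "n/a", "1.98", "0 K", "0 K",
     "Hardware Interrupts and DPCs", "", ""),
    ("MsMpEng.exe", "908", "3.97", "63,112 K", "58,856 K",
     "Antimalware Service Executable", "Microsoft Corporation",
     r'"c:\Program Files\Microsoft Security Client\MsMpEng.exe"'),
    ("procexp64.exe", "2636", "7.55", "33,044 K", "39,780 K",
     "Sysinternals Process Explorer", "Sysinternals - www.sysinternals.com",
     r'"C:\Users\Tim\Desktop\ProcessExplorer\procexp.exe"'),
    ("System Idle Process", "0", "28.85", "0 K", "24 K", "", "", ""),
    ("SDUpdate.exe", "4228", "41.36", "8,904 K", "15,564 K", "", "", ""),
]
SAMPLE = "\n".join("\t".join(row) for row in (HEADER, *ROWS))

# Rows that are accounting entries rather than real user-mode images.
PSEUDO = {"System Idle Process", "Interrupts", "System"}
METADATA = ("Description", "Company Name", "Command Line")


def parse_cpu(text):
    """Convert the CPU cell to a float; blank means no measurable use,
    and '< 0.01' is treated as its upper bound."""
    text = text.strip()
    if not text:
        return 0.0
    if text.startswith("<"):
        return float(text.lstrip("< "))
    return float(text)


def parse_export(text):
    """Parse the tab-separated export into a list of dicts keyed by column name."""
    lines = [line for line in text.splitlines() if line.strip()]
    header = lines[0].split("\t")
    procs = []
    for line in lines[1:]:
        cells = line.split("\t")
        cells += [""] * (len(header) - len(cells))  # pad short rows
        row = dict(zip(header, (c.strip() for c in cells)))
        row["cpu"] = parse_cpu(row["CPU"])
        procs.append(row)
    return procs


def triage(procs, cpu_threshold=5.0):
    """Return real processes at or above the CPU threshold, busiest first,
    each with the list of metadata columns the export left empty."""
    findings = []
    for p in procs:
        if p["Process"] in PSEUDO or p["cpu"] < cpu_threshold:
            continue
        findings.append({
            "name": p["Process"],
            "pid": p["PID"],
            "cpu": p["cpu"],
            "missing": [f for f in METADATA if not p[f]],
        })
    return sorted(findings, key=lambda f: f["cpu"], reverse=True)


def footprint(procs, folder):
    """Names of processes whose command line runs from the given folder,
    to see what else belongs to the same product."""
    needle = folder.lower()
    return [p["Process"] for p in procs if needle in p["Command Line"].lower()]


if __name__ == "__main__":
    procs = parse_export(SAMPLE)
    for f in triage(procs):
        note = "no " + ", ".join(f["missing"]) if f["missing"] else "metadata present"
        print(f'{f["cpu"]:6.2f}%  {f["name"]} (PID {f["pid"]}): {note}')
    print("Same product:", footprint(procs, "Spybot - Search & Destroy 2"))
```

A row with empty metadata is not suspicious on its own, since protected system processes such as csrss.exe also export blank fields; the combination of sustained high CPU and no metadata is what makes a row worth a closer look.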
 
done

Process PID CPU Private Bytes Working Set Description Company Name Command Line
audiodg.exe 1200 18,020 K 17,500 K
csrss.exe 488 1,880 K 4,192 K
EKPrinterSDK.exe 2896 1,708 K 5,028 K Status Monitor SDK for KODAK AiO Printer (32-Bit Intel(R) Pentium(TM) 4 Optimized Build) Eastman Kodak Company "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe"
hkcmd.exe 1484 2,616 K 9,412 K hkcmd Module Intel Corporation "C:\Windows\System32\hkcmd.exe"
igfxpers.exe 1496 1,736 K 6,148 K persistence Module Intel Corporation "C:\Windows\System32\igfxpers.exe"
lsass.exe 656 4,564 K 11,720 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 664 2,724 K 5,452 K
mbamscheduler.exe 1316 2,104 K 5,800 K Malwarebytes Anti-Malware Malwarebytes Corporation "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
msseces.exe 1716 5,992 K 16,084 K Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
NisSrv.exe 3636 7,452 K 3,844 K Microsoft Network Realtime Inspection Service Microsoft Corporation "c:\Program Files\Microsoft Security Client\NisSrv.exe"
procexp.exe 2436 2,560 K 7,520 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Tim\Desktop\ProcessExplorer\procexp.exe"
RAVCpl64.exe 1536 7,832 K 10,088 K Realtek HD Audio Manager Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
SearchFilterHost.exe 2124 1,564 K 4,540 K
services.exe 640 5,644 K 9,376 K
smss.exe 344 372 K 1,012 K
spoolsv.exe 1916 6,156 K 11,308 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
SpotifyWebHelper.exe 1304 1,836 K 5,984 K SpotifyWebHelper Spotify Ltd "C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
sppsvc.exe 3208 2,532 K 8,364 K Microsoft Software Protection Platform Service Microsoft Corporation C:\Windows\system32\sppsvc.exe
svchost.exe 3760 2,368 K 5,760 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
svchost.exe 1872 5,788 K 11,596 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
svchost.exe 2608 1,612 K 5,168 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
svchost.exe 1160 13,092 K 17,476 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
svchost.exe 848 3,680 K 7,504 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
svchost.exe 1232 2,144 K 5,320 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k GPSvcGroup
svchost.exe 772 3,612 K 8,640 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe 268 19,616 K 22,404 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
taskeng.exe 2444 1,532 K 4,864 K
taskeng.exe 2588 1,700 K 5,440 K Task Scheduler Engine Microsoft Corporation taskeng.exe {8B4A71FD-BDB4-4200-859F-09B16D6D632E}
taskhost.exe 1924 2,872 K 6,532 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
taskhost.exe 2720 5,936 K 11,976 K
UMVPFSrv.exe 1036 1,072 K 3,920 K Logitech User mode UMVPF service Logitech Inc. C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
wininit.exe 540 1,308 K 4,192 K
winlogon.exe 604 2,564 K 6,812 K
WLIDSVCM.EXE 3140 1,048 K 3,008 K
TODDSrv.exe 2880 < 0.01 1,192 K 4,068 K TDCSrv Application TOSHIBA Corporation C:\Windows\SysWOW64\TODDSrv.exe
XMouseButtonSvc.exe 3092 < 0.01 1,028 K 3,436 K Windows service to run XMouseButtonControl with admin priviledges on any user session. Highresolution Enterprises C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
svchost.exe 396 < 0.01 16,420 K 31,292 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe 500 0.01 54,920 K 62,268 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
DivXUpdate.exe 2152 0.01 5,292 K 14,584 K DivX Update "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
SearchIndexer.exe 3448 0.01 19,604 K 10,260 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
SearchProtocolHost.exe 2724 0.01 1,712 K 4,792 K
EKAiOHostService.exe 2848 0.02 26,952 K 25,988 K EKAiOHostService Module for Kodak AiO Printers Eastman Kodak Company C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
WLIDSVC.EXE 2688 0.02 6,380 K 14,740 K "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
svchost.exe 552 0.03 9,008 K 15,800 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 1368 0.03 12,564 K 16,996 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
svchost.exe 2376 0.05 4,852 K 8,988 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
JumpService.exe 2420 0.05 24,284 K 21,068 K Jump Desktop Service Phase Five Systems "C:\Program Files (x86)\Jump Desktop\JumpService.exe"
MsMpEng.exe 904 0.09 62,368 K 56,228 K Antimalware Service Executable Microsoft Corporation "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
AvastSvc.exe 1448 0.12 36,712 K 35,836 K avast! Service AVAST Software "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
tvnserver.exe 1560 0.12 2,052 K 5,360 K TightVNC Server GlavSoft LLC. "C:\Program Files\TightVNC\tvnserver.exe" -service
c2c_service.exe 2272 0.14 2,472 K 7,460 K Skype C2C Service Skype Technologies S.A. "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
explorer.exe 1548 0.14 34,904 K 48,388 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
AvastUI.exe 2144 0.14 18,440 K 8,896 K avast! Antivirus AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
XMouseButtonControl.exe 3180 0.28 2,040 K 6,508 K
System 4 0.66 192 K 3,308 K
csrss.exe 548 1.84 1,980 K 9,448 K
Interrupts n/a 4.20 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 1516 4.92 47,636 K 23,244 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
procexp64.exe 3240 17.78 32,156 K 38,008 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Tim\Desktop\ProcessExplorer\procexp.exe"
System Idle Process 0 69.33 0 K 24 K
 
Still not right.

Please download Rkill (courtesy of BleepingComputer.com) to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.
 
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/20/2014 07:40:23 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Update (wuauserv) is not Running.
Startup Type set to: Manual

* WinDefend [Missing ImagePath]

Searching for Missing Digital Signatures:

* C:\Windows\System32\UxTheme.dll : 332,288 : 07/09/2013 10:18 AM : 8bf20c54ffb37cfb960f708ffa813fa7 [NoSig]
+-> C:\Windows\SysWOW64\uxtheme.dll : 245,760 : 07/13/2009 08:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332,288 : 07/13/2009 08:41 PM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245,760 : 07/13/2009 08:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/20/2014 07:43:44 PM
Execution time: 0 hours(s), 3 minute(s), and 21 seconds(s)
 