Solved: Multiple computer issues

========== Files - Modified Within 30 Days ==========

[2014/03/20 11:58:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2014/03/20 11:57:03 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/20 11:57:03 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/20 11:49:58 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/20 11:49:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/20 11:47:57 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/20 11:42:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/20 11:39:24 | 000,794,686 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/20 11:39:24 | 000,675,960 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/20 11:39:24 | 000,129,036 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/20 11:15:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/20 11:14:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/19 14:18:11 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\User\Desktop\JRT.exe
[2014/03/19 12:47:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/03/19 11:15:43 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/18 17:56:51 | 000,007,597 | ---- | M] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2014/03/18 16:28:41 | 000,001,401 | ---- | M] () -- C:\Users\User\Documents\system spec.csv
[2014/03/17 18:21:15 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/17 18:12:02 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/03/17 11:23:41 | 000,042,346 | ---- | M] () -- C:\Users\User\Desktop\FFD+Fact+Sheet+v6.pdf
[2014/03/15 20:27:14 | 000,148,654 | ---- | M] () -- C:\Users\User\Documents\ViewerX.alb
[2014/03/15 20:26:37 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk
[2014/03/15 02:16:07 | 005,086,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/13 15:42:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/13 15:42:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/11 22:30:25 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/03/10 13:06:53 | 000,594,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/03/10 13:06:53 | 000,572,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/03/10 13:06:53 | 000,553,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/03/10 13:06:53 | 000,528,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/03/10 13:06:53 | 000,510,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/03/10 13:06:53 | 000,508,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/03/10 13:06:53 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/03/10 13:06:53 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/03/10 13:06:53 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/03/10 13:06:53 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/03/10 13:06:52 | 000,658,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/03/10 13:06:52 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/03/10 13:06:52 | 000,552,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/03/10 13:06:52 | 000,488,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/03/10 13:06:52 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/03/10 13:06:52 | 000,423,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/03/10 13:06:52 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/03/10 13:06:10 | 000,376,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/03/08 02:11:47 | 000,174,080 | ---- | M] () -- C:\Users\User\Desktop\hbn1.pub
[2014/03/08 02:10:16 | 000,174,592 | ---- | M] () -- C:\Users\User\Desktop\hbn.pub
[2014/03/06 18:58:05 | 001,958,151 | ---- | M] () -- C:\Users\User\Documents\task.pdf
[2014/03/06 16:20:10 | 000,004,038 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2014/03/01 16:16:26 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/01 15:52:55 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/01 15:51:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/01 15:40:43 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/01 15:37:12 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/01 15:33:52 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/01 15:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/01 15:32:59 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/01 15:23:49 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/01 15:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/01 15:02:07 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/01 14:54:33 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/01 14:52:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/01 14:51:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/01 14:43:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/01 14:42:12 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/01 14:40:17 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/01 14:38:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/01 14:37:35 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/01 14:35:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/01 14:16:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/01 14:00:08 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/01 13:25:42 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/01 13:25:22 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/27 21:55:34 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2014/02/27 18:04:40 | 000,829,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2014/02/27 18:04:40 | 000,608,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll
[2014/02/20 17:08:38 | 002,346,186 | ---- | M] () -- C:\Users\User\Desktop\TechnicLauncher.exe
[2014/02/20 10:39:45 | 000,123,704 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\SysNative\drivers\jraid.sys
[2014/02/20 10:38:36 | 000,888,536 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/02/20 10:38:36 | 000,107,552 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2014/02/20 10:38:36 | 000,073,800 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2014/02/20 10:32:23 | 018,310,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014/02/20 10:32:23 | 015,877,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/02/20 10:32:22 | 011,554,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/02/20 10:32:22 | 009,657,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/02/20 10:32:21 | 030,372,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/02/20 10:32:20 | 022,960,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/02/20 10:32:19 | 000,882,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/02/20 10:32:19 | 000,879,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/02/20 10:32:19 | 000,852,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/02/20 10:32:19 | 000,847,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/02/20 10:32:19 | 000,023,754 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014/02/20 10:32:17 | 001,884,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433221.dll
[2014/02/20 10:32:17 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433221.dll
[2014/02/20 10:32:16 | 018,222,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/02/20 10:32:16 | 015,230,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2014/02/20 10:32:15 | 003,132,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/02/20 10:32:15 | 003,125,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/02/20 10:32:15 | 002,947,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/02/20 10:32:15 | 002,747,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/02/20 10:32:14 | 011,605,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/02/20 10:32:14 | 009,700,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/02/20 10:32:13 | 025,257,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/02/20 10:32:13 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/02/20 10:32:12 | 003,071,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2014/02/20 10:32:12 | 002,698,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014/02/20 10:25:52 | 002,103,040 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/02/20 10:25:47 | 002,810,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/02/20 10:25:47 | 001,958,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/02/20 10:25:45 | 002,588,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/02/20 10:25:45 | 000,618,200 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2014/02/20 10:25:44 | 001,286,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/02/20 10:25:44 | 000,693,385 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/02/20 10:25:43 | 000,153,304 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2014/02/20 10:25:42 | 000,397,592 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2014/02/20 10:25:38 | 002,036,992 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/02/20 10:25:38 | 001,013,504 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/18 16:28:41 | 000,001,401 | ---- | C] () -- C:\Users\User\Documents\system spec.csv
[2014/03/17 11:23:41 | 000,042,346 | ---- | C] () -- C:\Users\User\Desktop\FFD+Fact+Sheet+v6.pdf
[2014/03/15 20:23:56 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk
[2014/03/11 22:30:25 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/03/08 02:11:45 | 000,174,080 | ---- | C] () -- C:\Users\User\Desktop\hbn1.pub
[2014/03/08 02:10:15 | 000,174,592 | ---- | C] () -- C:\Users\User\Desktop\hbn.pub
[2014/03/06 18:58:16 | 001,958,151 | ---- | C] () -- C:\Users\User\Documents\task.pdf
[2014/02/20 17:08:25 | 002,346,186 | ---- | C] () -- C:\Users\User\Desktop\TechnicLauncher.exe
[2014/02/20 10:32:19 | 000,023,754 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2014/02/20 10:25:44 | 000,693,385 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013/11/10 12:16:22 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/09/11 18:13:49 | 000,780,154 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/19 19:27:38 | 000,000,496 | ---- | C] () -- C:\Windows\eReg.dat
[2013/02/08 20:43:24 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/12/10 13:59:35 | 000,000,036 | ---- | C] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2012/12/08 07:42:16 | 000,007,597 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2012/09/30 16:11:11 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/09/30 16:11:11 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/09/30 16:11:11 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/09/30 16:11:11 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/09/30 16:11:11 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/09/30 16:11:11 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/09/30 16:11:11 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/09/30 16:11:11 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/09/30 16:11:11 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/09/30 16:11:11 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012/09/30 16:11:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/09/30 16:11:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/09/30 16:11:11 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/09/30 16:11:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/09/30 16:11:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/09/30 16:11:11 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012/09/30 16:11:11 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012/09/30 16:11:11 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/09/30 16:11:11 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/09/19 23:51:53 | 000,000,038 | ---- | C] () -- C:\Windows\Approach.ini
[2012/09/19 23:51:51 | 000,000,097 | ---- | C] () -- C:\Windows\lotus.ini
[2012/08/30 15:57:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 13:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 12:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 14:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:373E1720
< End of report >
 
OTL Extras logfile created on: 20/03/2014 11:58:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 4.42 Gb Available Physical Memory | 73.61% Memory free
12.00 Gb Paging File | 10.24 Gb Available in Paging File | 85.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 516.18 Gb Free Space | 55.42% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0269382B-AC0F-4F87-A57D-0E94BA9BFA5B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{063F2B86-55F1-4760-BF4E-CE226F1DC1F8}" = rport=138 | protocol=17 | dir=out | app=system |
"{141FA171-8CCD-4A3A-B7E7-3E193E41D876}" = lport=138 | protocol=17 | dir=in | app=system |
"{172F2629-751E-46A9-8C4F-A68D697D7C4E}" = lport=139 | protocol=6 | dir=in | app=system |
"{1D92153B-60AB-471F-90B6-4C43B1C90031}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3E776D42-4612-4BEB-8CA3-CBC6A9D70263}" = rport=137 | protocol=17 | dir=out | app=system |
"{4C0C8489-6B08-402F-B0A5-E0CD8D18F8FD}" = lport=445 | protocol=6 | dir=in | app=system |
"{544AFD49-ADD4-4FEC-B4C4-0D019A50C8BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{5A9629EE-A384-4005-AAA3-859FA502F42E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6463C92C-2FBE-4226-BB13-33328FCB188E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{660E9766-8546-46F8-99EF-5E5CD34FC4A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6812231C-1B0E-4E06-919C-F793F9E4A69D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7478164D-429F-4423-B544-6AE53CEE2C56}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78274DF8-0E76-4346-8347-29B8BDC313F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{994653AF-9BA1-4316-9B1D-F7F6CC4466A4}" = rport=445 | protocol=6 | dir=out | app=system |
"{9ECAC070-7CE0-476C-971B-A641354023EB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A50A6CB4-3BFE-417E-B443-127EA439268E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{BD38320C-8152-4B5D-A1E8-F4727D73A37C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C4472A2C-9C0A-43A2-A447-377AD5A4E08E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C909C657-ACE4-4935-A1C4-831681ADDA16}" = rport=139 | protocol=6 | dir=out | app=system |
"{D1EF7344-9F94-4273-A121-053BA924F3E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D33B73DD-7C35-4604-B8C9-653359DCE803}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECF0B707-45CD-4D96-B06F-EFCF700A6C3D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FBDF700A-0C5A-49F9-AC20-441B335C9884}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066C9902-3C6B-433C-8DF8-6A7331F4CE32}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{06742A01-88CE-4A30-91BE-B6D2A54B6D7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1101BB96-4D9E-422B-9B9A-2E0BAA9B8330}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{1262E24C-D8D6-430F-B9CF-F03C5484A51F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{157162F2-921E-409A-A540-03B89A655A89}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{16D7645C-7C37-4A0F-B41E-630B3D878131}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{17B49C72-56E5-44B5-9D9E-EBE5354D3BE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{1BAB9C7E-8EA4-4B25-9DFA-BD60C79E23D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{1BE46976-59E1-44DC-8780-A47EE518EBDF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1BF73B5A-2484-48D2-8706-194EE97AE6DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1EE61DE3-9D60-4B77-A44A-FC95268DC243}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{24F8A47C-30C8-4856-85B6-996FFDFE7C71}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{25837E3D-84D2-4F65-B50F-260B80138193}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{27A057A4-5597-4936-A85C-F4A600205220}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A16F7FF-E638-4BE9-8B0A-B1C974689CB5}" = protocol=6 | dir=out | app=system |
"{2B5D9712-2D1A-43FE-9771-FB21A3D44747}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{340B1482-1236-4245-A045-85F1C194A2E3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3CB43A4B-2867-4DCA-A7DB-852522F4E385}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\nsrb2dd.tmp\dynamicoffer1\bundlesweetimsetup.exe |
"{4A329874-1293-432F-A599-83505FC29B32}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
"{4C9A93FB-62F5-4127-83E3-5AFEEA9D6568}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{5BC462A0-D88D-4974-82F2-DED5CACA623D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5EFD0F13-ECB4-4DF3-AD13-9C71C84611E0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6072E1A4-2A6A-41CC-B58E-01FAF06C702C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{664E0E31-FC56-446C-A959-21D5B9B7C07A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{6853C032-04D0-4149-AF76-565C4371C810}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6BA92725-174D-411E-B305-D36CBB1AC20E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6CC3D038-4C82-45C6-B356-37006AEEF754}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{70F3B426-6062-457E-80DB-9DC1FEE4094D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{73A81ABF-5855-484B-9C90-B1B528B300C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7466D2B2-A8B5-4920-AC8F-65C25B8907DD}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{7EF066A2-D0CB-4AC0-8450-92B7C9FE43F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{83E85B89-BA5C-406E-BE31-3825463659C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{88595801-E579-41B4-8621-8F0873D50831}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{8C319393-1B1B-4CD1-8BC0-E131460E5E0A}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
"{8F872E26-187A-4E83-9CCE-CD0DD6DDBF6B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{98D8DEB3-13B1-4212-842D-5E79B2EDF666}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\nsrb2dd.tmp\dynamicoffer1\bundlesweetimsetup.exe |
"{9911B789-6226-4D84-AF1F-0679A66F4A3A}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{9C4DC23B-2D0E-404E-A779-A6FC23409D27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D3F86A1-23AE-4F79-BBA5-6C834BBF7989}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{9FE5D9FA-2790-4E2E-8C35-EE1EC16CC7B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{A6D0D65C-657B-45EC-8D2D-B2F3D3638D95}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{A72FA530-E68C-40D3-A948-D3464A03DA42}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{A7313090-5FBD-4B5F-AE30-9E4AE8A127FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{AB69E361-B3F0-4D33-B7F6-57824FA214A8}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B0927CB4-DEF8-4E86-8E29-F06D7FF40D56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B3293CBC-3882-4C4D-A9DA-6083E777DA8D}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{BE93D12A-1368-43B5-BBE7-A5D0EE5FDA84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{C267931D-2A0E-4E17-9F69-B1C6EFB97D01}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{C5C1EAB6-0CE9-43AC-B399-15E51DEB4999}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8AC42D7-63D0-413E-846B-0C228BFBE247}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{CCF9A499-CE0B-413D-8347-C673AB9AF696}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CE25CA8D-811D-4B28-89E3-892959048FF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D760602F-3EEC-4ECA-8D93-EC96E3532A47}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
"{D9E915D9-AB59-4EBB-84AD-4626FEAB05C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7C5E467-4F91-4342-A17F-3E41613AE456}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{F0609233-6AD8-4A17-8836-6FA5387C48E1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F0A7760F-BBA9-4A3A-9035-3014AF36FB6F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F397D483-CA68-4EA7-9384-09037FC363C5}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
"{F42D0918-B248-4F31-8967-3022BEBCD4E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F534F596-4255-4AB7-9387-F9CCEB944FBA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"TCP Query User{01D5CD63-EBAD-4D8C-B8A0-32AB4E69D6A3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{0C84209F-B970-420F-84EA-84AABEEAB7B0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{13F856CA-8ADB-4866-8BFF-CF90E7FBC705}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{3502FDF5-B244-46D4-A4F4-1FCD4A06EC88}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe |
"TCP Query User{42EAE24A-2954-469D-902C-8103113DA45F}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{6A9F837C-BCD8-44C4-8AB3-BEC13A433867}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{C4FD0774-5246-4325-A66A-AE44028AEAE7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{D09907E6-34E8-4EE3-B2B1-9C884FC8B356}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{EFC93F7F-37EC-402A-8837-9DF42F78144E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{1CFA6793-B7E0-4B46-9146-E4683913C160}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{40E756EC-9FD2-4C08-A795-69EEC6C58F16}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe |
"UDP Query User{8B584DA6-A1D2-43EC-8832-97A3FE84096F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{8DC71D12-E24A-49DA-883B-E3AF5682BD5C}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{9A9A0DF6-A1CD-4AF3-9BC5-DF586496D19C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{A1953923-8A64-496B-9CCA-066CA8D85EBC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{A23B48DB-7BFA-4458-B50A-F2A6C31EFC1F}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{A2E24E52-0514-439C-9FFC-3F51DAC145EB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{C6917C1F-B04C-478B-8A6D-4E9199E6592E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}" = MrvlUsgTracking64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B26449A6-6007-4460-B4FE-C4776115BCEA}" = Epson Customer Research Participation
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}" = WinZip 17.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2CA3B8348CD526E9B8928840AC68738C5B5A4F8F" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0)
"5AF8BE22A56B38B1816F36BAC6A71F1277E45440" = Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006)
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"B090418E214D6BD6EE18A512A8EE609225AC9279" = Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101)
"CutePDF Writer Installation" = CutePDF Writer 3.0
"EPSON Remote Print" = EPSON Remote Print Uninstall
"EPSON XP-850 Series" = EPSON XP-850 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 5.00 beta 7 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{2A36014E-DF1D-4840-A209-3185B17BFC71}" = BigPond Broadband ADSL
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}" = Software Updater
"{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8EB62C87-AAA6-4850-A5BC-64155884B973}" = SketchUp 8
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9AC7ED6-FD1C-4E83-8553-ECF8BCA111E8}" = Epson Event Manager
"{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}" = Epson E-Web Print
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}" = hppusgP1000
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF14233-FE39-4671-A38E-76FD8F24A879}" = e-tax 2013
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"BitRaider Web Client" = BitRaider Web Client
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DailyFitnessCenter_53bar Uninstall Firefox" = Daily Fitness Center Firefox Toolbar
"Epson Connect Guide" = Epson Connect Guide
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"SmartSuite V97.0" = Lotus SmartSuite 97
"SSC Service Utility_is1" = SSC Service Utility v4.20
"Steam App 105600" = Terraria
"Steam App 440" = Team Fortress 2
"VDC_is1" = Video Download Converter version 1.0.0.0
"XP-850 Series Netg" = Epson Network Guide XP-850 Series
"XP-850 Series Useg" = Epson User's Guide XP-850 Series

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for User

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19/03/2014 1:31:38 AM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/03/2014 6:23:58 AM | Computer Name = User-PC | Source = MsiInstaller | ID = 1002
Description =

Error - 19/03/2014 6:00:52 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/03/2014 6:28:58 PM | Computer Name = User-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.

Error - 19/03/2014 8:18:21 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/03/2014 8:36:19 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/03/2014 8:43:19 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/03/2014 8:50:02 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 19/03/2014 8:10:12 PM | Computer Name = User-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 19/03/2014 8:10:14 PM | Computer Name = User-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 19/03/2014 8:37:07 PM | Computer Name = User-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 19/03/2014 8:37:08 PM | Computer Name = User-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 19/03/2014 8:37:46 PM | Computer Name = User-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 19/03/2014 8:43:09 PM | Computer Name = User-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 19/03/2014 8:43:10 PM | Computer Name = User-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 19/03/2014 8:43:29 PM | Computer Name = User-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 19/03/2014 8:52:04 PM | Computer Name = User-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >
 
Farbar Service Scanner Version: 25-02-2014
Ran by User (administrator) on 20-03-2014 at 13:05:14
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
When I ran the OTL custom scan it would not reboot the PC. It came back on but was on a black screen; I rebooted it twice before it worked. Now OK. I have also completely removed Trend Micro. Still to run ESET. Will do that now.
 
OTL log is incorrect.
You clicked on "Scan" button instead of "Fix" button.
Re-read my instructions and redo.
 
Thanks for picking that up. I did do Scan, then I put the data in and did Fix. Next it rebooted, but I didn't realise it was the wrong report I posted. Sorry. Not sure it did a second report. I will look, or I will run the fix again.
 
All processes killed
========== OTL ==========
Error: No service named Amsp was found to stop!
Service\Driver key Amsp not found.
File C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000001 not found.
Starting removal of ActiveX control {0742B9EF-8C83-41CA-BFBA-830A59E23533}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Unable to delete ADS C:\ProgramData\Temp:373E1720 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 13172456 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 182130 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: hedev

User: Public

User: UpdatusUser

User: User
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: hedev

User: Public

User: UpdatusUser

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03202014_163744
Files\Folders moved on Reboot...
File move failed. C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Windows\temp\officeclicktorun.exe_c2ruidll(2014032012224056C).log moved successfully.
C:\Windows\temp\officeclicktorun.exe_streamserver(2014032012224056C).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\Windows\temp\USER-PC-20140320-1222.log moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
ESET text file:

C:\Users\User\Desktop\Anastcia\other\autorun.inf INF/Autorun.T worm cleaned by deleting - quarantined
 
Thank you for your patience. I thought it didn't produce one as I couldn't find it. I just reran it.
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Adobe Reader XI
Mozilla Firefox (Center.)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
I have done the above steps. I have just reinstalled Trend Micro (they gave me the new 2014 version to use till my subscription runs out mid year). I have run a scan. Only some cookies came up.
Date/Time | Threat | Source | Affected Files | Response | Detected By
22/03/2014 1:02 | Cookie_Revsci | Cookie | revsci.net | Removed | Manual Scan
22/03/2014 1:02 | Cookie_BurstNet | Cookie | burstnet.com | Removed | Manual Scan
22/03/2014 1:02 | Cookie_Overture | Cookie | overture.com | Removed | Manual Scan
22/03/2014 1:02 | Cookie_Advertising | Cookie | advertising.com | Removed | Manual Scan
22/03/2014 1:02 | Cookie_Profiling | Cookie | ru4.com | Removed | Manual Scan
 