Blekko Lavasoft search engine removal

(In Progress)

mosspiglet52
Member with 5 posts.
THREAD STARTER
 
Join Date: May 2013
09-May-2013, 12:52 PM #1
Blekko Lavasoft search engine removal
Hello! I recently downloaded Adaware because I was getting weird ads on sites like YouTube and Pandora. After installing Adaware I noticed my search engine changed, and even after I changed it back to Google in my settings, I still get Blekko popping up every time I start my browser. I uninstalled anything associated with Adaware that I could find, but this annoying Blekko thing is very persistent and it's still hanging around.

I would really appreciate any help

Hijack this:
Running processes:
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\Downloads\OTL.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?so...1925518BD1D65A
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US /HIDEBL
O4 - HKCU\..\Run: [Google Update] "C:\Users\Amber\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Bitmeter2.lnk = C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
O4 - Startup: Launch Utility Application.lnk = Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: RaMediaServer - Unknown owner - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8978 bytes
OCD (authorized to help remove malware)
Malware Removal Specialist with 273 posts.
 
Join Date: Sep 2012
Location: Florida
14-May-2013, 09:08 PM #2
Hello mosspiglet52,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Important Note for Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) with Admin Rights every time you run them (right click, choose "Run as Administrator").

Please stay with this topic until I let you know that your system appears to be "All Clear"

= = = = = = = = = = = = = = = = = = = =

1. Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

2. aswMBR

Download aswMBR.exe and save it to your desktop.

Right click and select "Run as Administrator".
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

3. OTL
  • Download OTL to your desktop.
  • Make sure all other windows are closed and let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.

=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt
  • Extras.txt
mosspiglet52
Member with 5 posts.
THREAD STARTER
 
Join Date: May 2013
16-May-2013, 08:52 PM #3
Thanks so much for taking the time to help! Sorry about the delayed response. Here they are:

Checkup

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.5.4) Firefox out of Date!
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 38% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


aswMBR

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-15 15:52:15
-----------------------------
15:52:15.618 OS Version: Windows x64 6.1.7601 Service Pack 1
15:52:15.618 Number of processors: 6 586 0x102
15:52:15.619 ComputerName: AMBER-PC UserName: Amber
15:52:15.828 Initialize success
15:53:57.576 AVAST engine defs: 13051500
15:54:24.543 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:54:24.546 Disk 0 Vendor: M4-CT128M4SSD2 0309 Size: 122104MB BusType: 3
15:54:24.553 Disk 0 MBR read successfully
15:54:24.556 Disk 0 MBR scan
15:54:24.560 Disk 0 Windows 7 default MBR code
15:54:24.563 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:54:24.567 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
15:54:24.578 Disk 0 scanning C:\Windows\system32\drivers
15:54:27.367 Service scanning
15:54:33.795 Modules scanning
15:54:33.811 Disk 0 trace - called modules:
15:54:33.822 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:54:33.827 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007205060]
15:54:33.831 3 CLASSPNP.SYS[fffff880019d043f] -> nt!IofCallDriver -> [0xfffffa8006afc9b0]
15:54:33.838 5 ACPI.sys[fffff88000ee17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8006b2b060]
15:54:34.001 AVAST engine scan C:\Windows
15:54:34.471 AVAST engine scan C:\Windows\system32
15:55:39.832 AVAST engine scan C:\Windows\system32\drivers
15:55:43.059 AVAST engine scan C:\Users\Amber
15:56:48.691 AVAST engine scan C:\ProgramData
15:57:04.190 Scan finished successfully
15:58:08.352 Disk 0 MBR has been saved successfully to "C:\Users\Amber\Desktop\MBR.dat"
15:58:08.357 The log file has been saved successfully to "C:\Users\Amber\Desktop\aswMBR.txt"

(continued)
mosspiglet52
Member with 5 posts.
THREAD STARTER
 
Join Date: May 2013
16-May-2013, 08:54 PM #4

OTL

OTL logfile created on: 5/16/2013 9:29:51 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amber\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 76.75% Memory free
8.86 Gb Paging File | 6.72 Gb Available in Paging File | 75.89% Paging File free
Paging file location(s): c:\pagefile.sys 900 1200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 12.46 Gb Free Space | 10.46% Space Free | Partition Type: NTFS
Drive D: | 5.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AMBER-PC | User Name: Amber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Amber\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
PRC - C:\Program Files (x86)\WordWeb\wweb32.exe ()
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronices Co., Ltd.)
PRC - C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ( )
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll ()
MOD - C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dab0ad2d0f5da372a4947d3a1c7c07a9\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5abddd1112204bd1e3347be519eaa28f\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\WordWeb\wweb32.exe ()
MOD - C:\Windows\wweb32.dll ()
MOD - C:\Program Files (x86)\WordWeb\WUCNT.dll ()
MOD - C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll ()
MOD - C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll ()
MOD - C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RaMediaServer) -- C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe ()
SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Ralink Technology, Corp.)
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (mvusbews) -- C:\Windows\SysNative\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = ${SEARCH_URL}{searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?so...1925518BD1D65A
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {114C1FA6-E060-4332-A64C-527F26145118}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{114C1FA6-E060-4332-A64C-527F26145118}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{12D4634F-A243-4067-81D7-0B8B5BE7C26F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN24729555362746628&UM=2
IE - HKCU\..\SearchScopes\{2EC4FF41-5CD6-4728-AD7A-837943E94A54}: "URL" = http://mumbojumbo.start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://searchou.com/?affil=7&uid=cfc29256-92ae-11e2-b460-902b34125a4c&q={searchTerms}
IE - HKCU\..\SearchScopes\{42B1EAEF-34B6-464b-B477-BEDF300CBEBC}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{F09B8F3C-E76E-4e38-A406-2B24156D55EA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
FF - prefs.js..browser.startup.homepage: "http://searchou.com/?affil=7&uid=cfc29256-92ae-11e2-b460-902b34125a4c"
FF - prefs.js..extensions.enabledItems: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.13.0.6
FF - prefs.js..extensions.enabledItems: wcapturex@deskperience.com:5.0.4405
FF - prefs.js..keyword.URL: "http://searchou.com/?affil=7&uid=cfc29256-92ae-11e2-b460-902b34125a4c&q="
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"");
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..browser.startup.homepage: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=9EFEE6F812A9CAB5361925518BD1D65A"
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@stamps.com/Web client plug-in,version=1.1.0.41: C:\Program Files (x86)\Stamps.com Web Postage Plug-in\npsdcwc.dll (Stamps.com, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amber\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amber\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Amber\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\rvkfq@dhzsq.edu: C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\mrcie3sm.default\extensions\rvkfq@dhzsq.edu
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/22 01:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/09 13:36:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2012/06/22 00:35:32 | 000,000,000 | ---D | M]

[2012/05/31 04:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amber\AppData\Roaming\Mozilla\Extensions
[2013/05/09 13:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\mrcie3sm.default\extensions
[2013/05/09 12:42:00 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\mrcie3sm.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013/03/22 01:10:55 | 000,002,090 | ---- | M] () -- C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\mrcie3sm.default\searchplugins\Searchou.xml
[2012/05/31 04:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/22 00:35:32 | 000,000,000 | ---D | M] (WordWeb one-click lookup) -- C:\PROGRAM FILES (X86)\WORDWEB\WCAPTUREMOZ
File not found (No name found) -- C:\USERS\AMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MRCIE3SM.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
[2013/01/14 17:18:52 | 000,001,467 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober139527.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Amber\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Bookmarks Menu = C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi\3.4.7_0\
CHR - Extension: Gmail = C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe ()
O4 - Startup: C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk = C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ( )
O4 - Startup: C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk = C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronices Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{747A43E3-FE9C-43ED-956F-C451AFF65D2D}: DhcpNameServer = 192.168.43.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/09 14:21:31 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/02/16 18:30:09 | 000,048,912 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/11/22 20:09:03 | 000,000,052 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{1dcb36c2-abd8-11e1-add0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1dcb36c2-abd8-11e1-add0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2011/02/16 18:30:09 | 000,048,912 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{77aef5a7-f474-11e1-bf97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77aef5a7-f474-11e1-bf97-806e6f6e6963}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{d0789b05-d127-11e1-af64-902b34125a4c}\Shell - "" = AutoRun
O33 - MountPoints2\{d0789b05-d127-11e1-af64-902b34125a4c}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{e19f6dbb-1b8e-11e2-bebb-902b34125a4c}\Shell - "" = AutoRun
O33 - MountPoints2\{e19f6dbb-1b8e-11e2-bebb-902b34125a4c}\Shell\AutoRun\command - "" = E:\SISetup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/15 15:49:53 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Amber\Desktop\aswMBR.exe
[2013/05/10 19:10:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2013/05/09 14:21:19 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/05/09 14:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/05/09 14:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/05/09 13:39:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Amber\Desktop\OTL.exe
[2013/05/09 12:44:37 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Roaming\LavasoftStatistics
[2013/05/09 12:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/05/09 12:42:05 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Local\adawarebp
[2013/05/09 12:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/05/09 12:41:59 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Roaming\SecureSearch
[2013/05/09 12:41:32 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/05/09 11:59:13 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Roaming\SUPERAntiSpyware.com
[2013/05/09 11:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/05/09 11:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/05/09 11:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/05/08 22:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2013/05/08 22:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2013/05/08 22:57:50 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Local\Last.fm
[2013/05/08 22:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm
[2013/05/08 17:43:16 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Local\Programs
[2013/05/01 14:05:56 | 000,000,000 | ---D | C] -- C:\Users\Amber\Desktop\Cryptic Studios
[2013/04/29 13:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codebox
[2013/04/29 13:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter
[2013/04/29 13:31:46 | 000,000,000 | ---D | C] -- C:\Users\Amber\Documents\HooNetMeter
[2013/04/29 13:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HooTech Net Meter
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/16 21:30:38 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/16 21:30:38 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/16 21:30:38 | 000,121,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/16 21:25:19 | 000,000,374 | -H-- | M] () -- C:\Windows\tasks\MagniPicUpdaterTask{F53A189E-7A95-40CE-9E3B-4104D4D74DB4}.job
[2013/05/16 21:25:18 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013/05/16 21:25:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/16 21:25:11 | 2132,729,855 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/16 14:47:50 | 000,022,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 14:47:50 | 000,022,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 01:52:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1666519262-3164309598-1132915312-1000UA.job
[2013/05/15 15:58:55 | 000,000,559 | ---- | M] () -- C:\Users\Amber\Desktop\MBR.zip
[2013/05/15 15:58:08 | 000,000,512 | ---- | M] () -- C:\Users\Amber\Desktop\MBR.dat
[2013/05/15 15:52:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1666519262-3164309598-1132915312-1000Core.job
[2013/05/15 15:51:29 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Amber\Desktop\aswMBR.exe
[2013/05/15 15:47:41 | 000,890,825 | ---- | M] () -- C:\Users\Amber\Desktop\SecurityCheck.exe
[2013/05/14 11:47:30 | 000,009,204 | ---- | M] () -- C:\Users\Amber\AppData\Local\recently-used.xbel
[2013/05/10 18:39:59 | 000,002,202 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk
[2013/05/09 14:21:31 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/05/09 13:39:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amber\Desktop\OTL.exe
[2013/05/09 12:41:32 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/05/09 11:59:12 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/05/09 03:36:27 | 000,896,107 | ---- | M] () -- C:\Users\Amber\Desktop\Notes.rtf
[2013/05/08 22:57:53 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
[2013/05/08 17:43:24 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/29 13:34:00 | 000,001,174 | ---- | M] () -- C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk
[2013/04/18 00:57:47 | 000,241,773 | ---- | M] () -- C:\Users\Amber\Desktop\driving completion.pdf
[2013/04/17 21:47:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/04/16 23:40:56 | 000,000,614 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/15 15:58:55 | 000,000,559 | ---- | C] () -- C:\Users\Amber\Desktop\MBR.zip
[2013/05/15 15:58:08 | 000,000,512 | ---- | C] () -- C:\Users\Amber\Desktop\MBR.dat
[2013/05/15 15:47:35 | 000,890,825 | ---- | C] () -- C:\Users\Amber\Desktop\SecurityCheck.exe
[2013/05/14 11:47:30 | 000,009,204 | ---- | C] () -- C:\Users\Amber\AppData\Local\recently-used.xbel
[2013/05/10 18:39:59 | 000,002,202 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk
[2013/05/09 14:21:31 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/05/09 11:59:12 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/05/09 03:22:20 | 000,896,107 | ---- | C] () -- C:\Users\Amber\Desktop\Notes.rtf
[2013/05/08 22:57:53 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
[2013/04/29 13:34:00 | 000,001,174 | ---- | C] () -- C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk
[2013/04/18 00:57:47 | 000,241,773 | ---- | C] () -- C:\Users\Amber\Desktop\driving completion.pdf
[2013/04/17 21:47:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/02/05 02:54:55 | 000,000,818 | ---- | C] () -- C:\Users\Amber\.lmmsrc.xml
[2013/01/28 21:58:16 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
[2013/01/26 22:33:10 | 000,000,000 | ---- | C] () -- C:\Users\Amber\.gtk-bookmarks
[2013/01/26 14:52:22 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/01/26 03:21:01 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/01/20 00:40:37 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2012/10/31 01:00:16 | 000,757,660 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/25 01:51:39 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2012/06/25 01:51:39 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2012/06/25 01:51:39 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2012/06/25 01:51:39 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll
[2012/06/25 01:51:39 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll
[2012/06/25 01:51:39 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2012/06/23 18:46:44 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/06/23 18:46:44 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C867251F2F.sys
[2012/06/22 00:35:32 | 002,213,120 | ---- | C] () -- C:\Windows\wweb32.dll
[2012/06/09 03:34:58 | 000,029,184 | ---- | C] () -- C:\Users\Amber\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/31 20:12:41 | 000,014,051 | R--- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/05/31 20:12:38 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012/05/31 20:12:38 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012/05/31 20:12:38 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\RaCertMgr.ini
[2012/05/31 04:37:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/31 04:31:48 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/31 04:24:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/05/31 04:16:21 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/05/31 04:09:48 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/05 21:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 21:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 23:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 23:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/31 21:58:46 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\acccore
[2013/02/21 23:57:01 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Audacity
[2013/03/22 01:12:12 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\AVG2013
[2013/04/29 13:33:39 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\BitMeter2
[2012/10/23 20:59:06 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Canon
[2013/03/08 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\DAoC Portal
[2012/12/03 13:24:45 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\DMCache
[2012/12/27 23:49:54 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\DragonSaga
[2013/03/08 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Electronic Arts
[2012/07/10 02:18:50 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Enterbrain
[2013/01/09 01:11:37 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Felbot
[2013/01/11 01:52:02 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\ICQ-Profile
[2012/12/13 04:36:56 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Leadertech
[2012/06/22 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\LolClient
[2012/06/19 01:40:22 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\LolClient2
[2012/07/30 00:58:28 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Naturalsoft
[2012/05/31 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\NetMeter
[2013/03/22 01:06:24 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Nico Mak Computing
[2013/04/04 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Origin
[2012/06/23 14:13:52 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\ProjectZomboid_LAUNCHER
[2013/05/09 12:41:59 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\SecureSearch
[2012/06/01 01:07:03 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Spacejock Software
[2012/05/31 04:24:57 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Splashtop
[2013/01/28 22:05:41 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Stamps.com Internet Postage
[2012/06/22 00:32:00 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\TheSage
[2013/03/22 01:11:35 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\TuneUp Software
[2012/06/22 04:04:29 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Unity
[2013/04/15 20:02:42 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 23:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2010/11/20 23:24:16 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2010/11/20 23:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 23:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 23:23:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/11/20 23:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2010/11/20 23:24:01 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2010/11/20 23:24:25 | 002,420,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: M4-CT128M4SSD2 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 119.00GB
Starting Offset: 105906176
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >
mosspiglet52
16-May-2013, 08:54 PM #5
Extras
OTL Extras logfile created on: 5/9/2013 1:40:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amber\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.56 Gb Available Physical Memory | 82.23% Memory free
8.86 Gb Paging File | 7.09 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 900 1200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 22.15 Gb Free Space | 18.59% Space Free | Partition Type: NTFS
Drive D: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AMBER-PC | User Name: Amber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC85158-03FF-4D17-81D4-34CBF37C2A7F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{150543EB-064C-4787-8633-1D864250ED3A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3E54FF26-D9B7-461B-94A5-42D1E99B8E47}" = lport=137 | protocol=17 | dir=in | app=system |
"{4D56542C-1DDF-43C2-89F5-212DBF323720}" = lport=138 | protocol=17 | dir=in | app=system |
"{4EEE03A1-4FDC-48DF-817F-7A84B76516E2}" = rport=137 | protocol=17 | dir=out | app=system |
"{559D0243-B522-4E23-B384-BA15AF4276EA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5682A29A-4BD7-497A-8301-09B31D340C20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56988B83-8CF9-48C2-A614-7102F0C7CC6A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F7CAF7C-3D66-4399-9071-3A8665A33B46}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68C482E1-90D6-4FA4-AAB4-68E260FF87BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A28D6D3-A596-4970-BC1F-1D2817451FA2}" = rport=139 | protocol=6 | dir=out | app=system |
"{6F1A6A73-26AD-4FBC-BCB2-CB652A1548D5}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{76757DF0-C2A8-4A44-B576-93AEF789F425}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D790909-45D0-4423-A451-F690013EADBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81D78E6E-6594-4B53-8A3C-E75361143FBF}" = rport=80 | protocol=6 | dir=out | app=c:\users\amber\desktop\downloaded\downloaded\public\warframe.x64.exe |
"{83496E66-2F85-4500-934D-998E82AAB475}" = rport=445 | protocol=6 | dir=out | app=system |
"{83B7CBA9-E122-443B-BBB1-5C2F993040EE}" = rport=80 | protocol=6 | dir=out | app=c:\users\amber\appdata\local\warframe\downloaded\public\tools\launcher.exe |
"{872733B4-A721-42E7-B2A2-631668EC2CE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D8E575C-D054-44AE-A9AC-95C334FFB1E4}" = lport=445 | protocol=6 | dir=in | app=system |
"{96D66F35-5EAC-4DB1-9B4F-DF314E6B5139}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9B5470B2-3303-4C52-A919-41ED13114A76}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FEFF684-5259-4F9A-855E-F1C9835A90A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A45A5859-DB99-4D12-9AB6-934E47F3D4C2}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{B6AA9670-99DB-4C3A-97AB-7E1F5C842FB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6FE9BA3-0C56-4AB5-90D6-68472980A44E}" = rport=80 | protocol=6 | dir=out | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.exe |
"{C9B62B48-5472-440D-892D-CB01A3688605}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC7C6C42-2D8C-4852-9B47-C24EA0552A4C}" = rport=80 | protocol=6 | dir=out | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{E3B51F80-5AAA-4C49-AA9D-6A1F8EB614D0}" = lport=139 | protocol=6 | dir=in | app=system |
"{E75579C0-33ED-4876-841F-175B9267B4B6}" = rport=80 | protocol=6 | dir=out | app=c:\users\amber\desktop\downloaded\downloaded\public\warframe.exe |
"{F7D6B24F-52F0-4346-9B7E-7C46882E8178}" = rport=138 | protocol=17 | dir=out | app=system |
"{F8C3B694-A348-47F5-A36A-A83ADAB2AA52}" = rport=80 | protocol=6 | dir=out | app=c:\users\amber\appdata\local\warframe\downloaded\public\tools\launcher.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06568E0C-93F4-454B-B7D4-0D439D3C20F6}" = protocol=17 | dir=out | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{0A72694C-462B-4C86-920A-0677DBFED5F7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0CDBE069-8C7F-4889-A191-255172155561}" = protocol=17 | dir=out | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.exe |
"{0DD2D3DC-3F9F-4F66-8D23-C64374AEFE6D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{11610C7C-A579-4F56-8FF5-58737AC5D70E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17BB3C2F-DD15-462E-B97B-88768B11D47C}" = protocol=6 | dir=in | app=c:\users\amber\appdata\local\temp\7zs2f2b\hpdiagnosticcoreui.exe |
"{19E25206-F7F8-4A61-BF59-9521B005C598}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1C215DFE-10C3-4A90-A139-63F1D3D83FD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1F0F98F2-03B7-471D-860F-850418A19AF0}" = protocol=17 | dir=in | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.exe |
"{21D06CF5-46C2-4E51-A723-09CF4D12A4DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DB6E310-AC6B-4772-8A61-2C67D9BBDC2E}" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.tmp |
"{350DBB85-946A-45DA-AFD2-68C511BE5542}" = protocol=17 | dir=in | app=c:\users\amber\appdata\roaming\icqm\icq.exe |
"{384CAAD4-C4A5-4E28-9AD3-BC336547BC4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D1A9CC7-31ED-4565-AE10-D7055527E196}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{4437AA29-017A-46F2-8F98-A00F18A0D10B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4608BBDE-BF0A-4333-9377-FDF5E694776F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{467623C7-8268-40D2-B951-B5CC636E5C40}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{4AD0202E-2E92-4BB6-88FF-59BF4711C6CA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{52543528-7365-4D58-A01B-F0B97C538023}" = protocol=6 | dir=in | app=e:\guild wars 2\gw2.exe |
"{56ECB047-5380-438A-AF74-C9BEF9818F6B}" = protocol=17 | dir=out | app=c:\users\amber\desktop\downloaded\downloaded\public\warframe.x64.exe |
"{5BB8F608-6C36-4E4E-A7DD-38C98610906C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{5F94CB59-032C-4AE9-997E-A74307DB7142}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{60BD0C51-6936-4D90-962B-ED0CB2601679}" = protocol=17 | dir=out | app=c:\users\amber\desktop\downloaded\downloaded\public\warframe.exe |
"{622E3618-300E-4E6B-A3EF-5502649F8A3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67E6C984-0DAE-42F4-ACB6-155E9F6F04BA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{6DB5A0E4-CB5B-4A40-A196-00A289C95BE7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E16E827-BB3D-46A7-9B03-773BB0A69534}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{8B10C416-4E57-4196-9AB4-9A0082B140BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8C28C5FC-21EA-4B33-9B45-C82BCF55CBD6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{90F89DB0-B09E-4970-AA2C-F7AD2C630372}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{97E071EF-ECF2-4DD2-A9B3-C30209B0DCD5}" = protocol=17 | dir=in | app=c:\users\amber\appdata\local\temp\7zs2f2b\hpdiagnosticcoreui.exe |
"{A14A5272-FC5C-496E-B802-D0EC956F46B9}" = protocol=17 | dir=in | app=c:\users\amber\desktop\downloaded\downloaded\public\warframe.x64.exe |
"{A5190BCD-A429-4F0D-B0F8-5D36B6CFAF63}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{A59E7686-1F5F-49D7-8542-BE36C81FAEFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C2E7D879-DBAD-472C-9272-68F9DC580581}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C4703597-721F-4599-B0B1-0BDF9C325560}" = protocol=6 | dir=in | app=c:\users\amber\appdata\roaming\icqm\icq.exe |
"{C573B5D4-950E-418A-B541-94467C10B129}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7936EF0-9FC0-4A72-9C9B-52001E759285}" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.tmp |
"{D1884902-6244-4880-9E9D-3B19FA5759A8}" = protocol=17 | dir=in | app=e:\guild wars 2\gw2.exe |
"{D6651DFC-F44A-4B06-85E1-62952B4C48FB}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{DCCA4D33-A770-46E3-84CC-31152CDC36C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEE3ACA8-786D-48DF-BABE-2F2DF99C4212}" = protocol=6 | dir=out | app=system |
"{DFBC99DA-52B6-4762-8F66-6991A75C15E6}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{E1FF482D-123E-4DED-A8C6-12AB20C64140}" = protocol=17 | dir=in | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{E28387AF-5D9F-4105-8C87-3B2505A8C76B}" = protocol=17 | dir=in | app=c:\users\amber\desktop\downloaded\downloaded\public\warframe.exe |
"{E42251B4-A8ED-49F1-AF1C-3CC422465ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{EBF2672B-F59A-4087-9BCE-FB0B520DE15A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F03ABD55-2FA7-4355-9932-D8A421182068}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{F08A1E94-2E6E-4F5E-ABD5-1FA7CAB75EEE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F6E1653B-DC43-4AC7-8123-53A053FBA5EB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{FBBE2B09-1239-466E-8871-F5CEC8C0D423}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{0914C1FF-8601-4FCE-8297-31B8FC3F60FD}C:\program files (x86)\planetside\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\planetside\planetside2.exe |
"TCP Query User{0F748B85-7F8A-4E42-A6DC-2C5A417A0C0C}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{28C5DC6A-318B-4D31-AD4B-1711A1847978}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
"TCP Query User{2F3D0070-B30C-435F-AAE6-5AE3E2F106D6}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{55CC2F9A-39DD-4CB1-943C-892D6D6EF4BE}C:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe" = protocol=6 | dir=in | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"TCP Query User{61BAE24D-692C-45E6-820A-684DEE360430}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{73279850-0A0A-44A3-B734-59F09E6837FE}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{7567AD8E-28E4-4C31-90A9-0628A1538183}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
"TCP Query User{7902FF9C-427A-468D-BEF8-B6C391B0A79A}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{81104251-6201-4455-A1E6-5B23A79276B1}C:\program files (x86)\guild wars 2\gw2.tmp" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.tmp |
"TCP Query User{8B2950B9-1881-42B0-8CE0-C86250CD6559}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"TCP Query User{8F420181-3D10-45BC-9D9B-DA647B8C4F57}C:\program files (x86)\planetside\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\planetside\planetside2.exe |
"TCP Query User{91C90F9E-9B64-4913-9966-6D5A1E9B0484}E:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=e:\guild wars 2\gw2.exe |
"TCP Query User{9AA94940-6F2E-4796-B60D-B3E550501FCE}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{9BE68863-30B9-45C0-A98F-F6EE9F7C2F17}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"TCP Query User{9E8FFF9A-22A1-4C6A-AE86-0E747C5D6651}C:\users\amber\appdata\local\temp\f9a44d816f.exe" = protocol=6 | dir=in | app=c:\users\amber\appdata\local\temp\f9a44d816f.exe |
"TCP Query User{A223A274-C864-4BE5-B326-D65B967363A5}C:\users\amber\desktop\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\amber\desktop\planetside 2\planetside2.exe |
"TCP Query User{AD5CD80B-4AC3-461E-9F74-EE176B2EF117}C:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{AFB77A60-48AC-4A83-ADB8-997E9B0515A5}C:\users\amber\desktop\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\amber\desktop\planetside 2\planetside2.exe |
"TCP Query User{B6FADCF8-2CB1-4F3F-AB61-120B7C620C6A}C:\users\amber\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\amber\downloads\neverwinter_nw.1.20130416a.6.exe |
"TCP Query User{BD9D42F1-CF1D-4CCB-82EC-28A22D63BAA0}C:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{C446121D-1892-4E96-87F8-0A5C1882E1B9}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{D188A181-35FF-48F9-92CD-502576264EA2}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{FDC41767-B55F-417B-BCB9-34976DD9C577}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{039A7C58-34B4-4B8F-9EA1-F2552D8BC671}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{2333D852-464A-4A61-BBE0-8E5ED0220C5D}C:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{37B57B1F-28DA-4A48-962C-91FE9CCD2F4E}E:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=e:\guild wars 2\gw2.exe |
"UDP Query User{37D8CD12-D463-4180-8FD8-99F364408A51}C:\users\amber\appdata\local\temp\f9a44d816f.exe" = protocol=17 | dir=in | app=c:\users\amber\appdata\local\temp\f9a44d816f.exe |
"UDP Query User{37F94D38-54A5-4AEB-8AAB-3CA506AFB3E6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{4F1C1220-773A-44D7-BDF8-9DC8E485469F}C:\users\amber\desktop\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\amber\desktop\planetside 2\planetside2.exe |
"UDP Query User{59E8E24B-1448-4B61-8256-CA7640BA3933}C:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe" = protocol=17 | dir=in | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"UDP Query User{6032BCBB-C66B-41F9-8281-C4BB69D687A4}C:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{75C224B9-9B2C-4851-ADB5-2F53F374BC23}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"UDP Query User{82AAE145-C925-4608-8FD4-AC70DF513709}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
"UDP Query User{93FFCB53-000B-464C-8D80-77D8A153632B}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{A8B3BD0A-7C00-4EAF-BD67-1F63110B9462}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{B0C840E6-1942-4D18-8421-80ABE8967B2C}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{C6D7B3D6-188F-47A6-BA4D-2B931EAE31B1}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
"UDP Query User{C72D342D-A4F1-4338-B733-7F07D3374419}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{C9D9B7B1-46A9-4C83-96AA-0827DB3626E4}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{CB76D41B-9163-4634-919C-8E311F732148}C:\users\amber\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\amber\downloads\neverwinter_nw.1.20130416a.6.exe |
"UDP Query User{CDFEDB9E-834A-482B-A1C9-A154E5E1209F}C:\program files (x86)\planetside\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\planetside\planetside2.exe |
"UDP Query User{CF308FF6-B9F2-492F-829C-856B6A1F5399}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{E2F0CE4E-A9D7-4D0E-856C-98DE91B0515C}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"UDP Query User{E70D9447-B583-4055-9998-4A41378C09B6}C:\program files (x86)\planetside\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\planetside\planetside2.exe |
"UDP Query User{F94AFE5C-263D-4E1E-92E0-F4594D1DD4D8}C:\program files (x86)\guild wars 2\gw2.tmp" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.tmp |
"UDP Query User{FDB5AD73-01ED-4EC7-B236-41FE7287C471}C:\users\amber\desktop\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\amber\desktop\planetside 2\planetside2.exe |
"UDP Query User{FFF33AE0-4656-4780-96F4-F3F56627A746}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{115C101B-99FC-B3D0-753B-3FF6AF5A1859}" = AMD Drag and Drop Transcoding
"{1701BD02-09B9-B25B-8290-C7D6A33C5A75}" = AMD Catalyst Install Manager
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2394E621-62FE-72DF-057F-F51EB4BD2077}" = AMD Accelerated Video Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64
"{8BF6C901-8C9D-C663-F997-EC95A2CCA228}" = AMD AVIVO64 Codecs
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}" = AMD Media Foundation Decoders
"{B457D49F-00E2-0FF2-4234-C20FC0702E2E}" = AMD Fuel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.0
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService
"{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German
"{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian
"{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19B54068-29AC-4C63-B23E-437329EE8258}" = Stamps.com Web Postage Plug-in
"{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch
"{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}" = Catalyst Control Center InstallProxy
"{2F56F921-7281-17D7-C628-EDC320DB1AF3}" = CCC Help French
"{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = AMD VISION Engine Control Center
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.1124.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish
"{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian
"{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish
"{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish
"{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese
"{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional
"{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech
"{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian
"{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian
"{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}" = Python 2.7.3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C5E7BF75-007E-44AD-8962-627ED44CB63B}" = NaturalReaderFree
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D82BEF61-A0DA-4B2F-B53C-038310FB32EB}" = HydraVision
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E63EBE-DFAC-4925-A343-531DCB4630AF}" = TurboTax 2012 wsciper
"{FC4DE34E-DA9E-4F02-9837-2E65F73A0234}" = Verizon Wireless Software Utility Application for Android - Samsung
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Audacity_is1" = Audacity 2.0
"BitMeter" = BitMeter
"Felbot" = Felbot v1.2.1
"Fraps" = Fraps
"GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.93.20
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.1124.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"LAME_is1" = LAME v3.99.3 (for Windows)
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"Origin" = Origin
"RGSS-RTP Standard_is1" = RGSS-RTP Standard
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP
"Stamps.com" = Stamps.com
"Stamps.com Web Postage Plug-in" = Stamps.com Web Postage Plug-in
"TheSage" = TheSage
"TurboTax 2012" = TurboTax 2012
"uTorrent" = µTorrent
"WordWeb" = WordWeb

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1666519262-3164309598-1132915312-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"Google Chrome" = Google Chrome
"SOE-C:/Program Files (x86)/Planetside" = gamelauncher-ps2-live (x86)-Planetside
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/9/2013 11:09:37 AM | Computer Name = Amber-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 5/9/2013 11:09:37 AM | Computer Name = Amber-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 5/9/2013 11:09:37 AM | Computer Name = Amber-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 5/9/2013 11:09:37 AM | Computer Name = Amber-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 5/9/2013 11:09:37 AM | Computer Name = Amber-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 5/9/2013 11:09:37 AM | Computer Name = Amber-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 5/9/2013 12:45:29 PM | Computer Name = Amber-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/9/2013 12:56:11 PM | Computer Name = Amber-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/9/2013 1:32:12 PM | Computer Name = Amber-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/9/2013 1:37:36 PM | Computer Name = Amber-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/9/2013 1:32:07 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.2 service failed to start due to the following error:
%%2

Error - 5/9/2013 1:37:32 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.2 service failed to start due to the following error:
%%2


< End of report >
OCD OCD is offline OCD is authorized to help remove malware.
Malware Removal Specialist with 273 posts.
 
Join Date: Sep 2012
Location: Florida
16-May-2013, 09:14 PM #6
Hi mosspiglet52,

1. P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • uTorrent
If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

=========================

2. AdwCleaner

Download AdwCleaner to your desktop.

Right click and select "Run as Administrator".
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

=========================

3. RogueKiller

Download to your desktop RogueKiller (by tigzy)

Right click and select "Run as Administrator"
  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan, Do Not Fix Anything at this point.
  • Click the Report button, save the report to your desktop
=========================

In your next post please provide the following:
  • AdwCleaner.txt
  • RogueKiller log
  • How is the computer running at the moment?
mosspiglet52 mosspiglet52 is offline
Member with 5 posts.
THREAD STARTER
 
Join Date: May 2013
17-May-2013, 10:40 PM #7
I am not getting the Blekko search engine every time I start up my browser, but I am getting around 200 alerts on my Superantispyware every time I run it; despite deleting the threats, they reappear every time I run the scan.

Adwcleaner:

# AdwCleaner v2.301 - Logfile created 05/17/2013 at 22:07:23
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Amber - AMBER-PC
# Boot Mode : Normal
# Running from : C:\Users\Amber\Desktop\AdwCleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v3.5.4 (en-US)

File : C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\mrcie3sm.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19230 octets] - [09/05/2013 13:35:44]
AdwCleaner[S1].txt - [19658 octets] - [09/05/2013 13:36:16]
AdwCleaner[S2].txt - [1117 octets] - [17/05/2013 00:16:15]
AdwCleaner[S3].txt - [322 octets] - [17/05/2013 22:04:43]
AdwCleaner[S4].txt - [1183 octets] - [17/05/2013 22:05:08]
AdwCleaner[S5].txt - [1114 octets] - [17/05/2013 22:07:23]

########## EOF - C:\AdwCleaner[S5].txt - [1174 octets] ##########


Roguekiller:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Amber [Admin rights]
Mode : Scan -- Date : 05/17/2013 22:10:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] UtilityApplication.exe -- C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> FOUND
[TASK][SUSP PATH] MagniPicUpdaterTask{F53A189E-7A95-40CE-9E3B-4104D4D74DB4}.job : C:\ProgramData\Premium\MagniPic\MagniPic.exe /schedule /profile "C:\ProgramData\Premium\MagniPic\profile.ini" [x] -> FOUND
[STARTUP][SUSP PATH] Launch Utility Application.lnk @Amber : C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [-] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] 0dcb0ddb58bfd869719026f485220ac6
[BSP] dcca503860d8ed5c3937acb4bb396d2f : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_05172013_02d2210.txt >>
RKreport[1]_S_05172013_02d0021.txt ; RKreport[2]_S_05172013_02d2210.txt
OCD OCD is offline OCD is authorized to help remove malware.
Malware Removal Specialist with 273 posts.
 
Join Date: Sep 2012
Location: Florida
17-May-2013, 10:58 PM #8
Hi mosspiglet52,

1. AdwCleaner log

Please locate this AdwCleaner log and post it in your next reply.

C:\AdwCleaner[S1].txt

=========================

2. Re-run RogueKiller

Right click and select "Run as Administrator"
  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan.
  • After the scan has completed click on the Registry tab
  • Place a check mark next to each of the following entries:

    • [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> FOUND
      [TASK][SUSP PATH] MagniPicUpdaterTask{F53A189E-7A95-40CE-9E3B-4104D4D74DB4}.job : C:\ProgramData\Premium\MagniPic\MagniPic.exe /schedule /profile "C:\ProgramData\Premium\MagniPic\profile.ini" [x] -> FOUND
      [STARTUP][SUSP PATH] Launch Utility Application.lnk @Amber : C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [-] -> FOUND
      [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND
      [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
  • Remove the check mark from all other entries listed
  • Click the Delete button
  • Click the Report button, save the report to your desktop

=========================

3. Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 users: right-click the icon and select "Run as Administrator" to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:
  • AdwCleaner[S1].txt
  • RogueKiller log
  • OTL.txt
  • How is the computer running?
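
The triage in post #8, where the autostart and UAC-policy entries are selected and the two [HJ DESK] entries are left unchecked, can be reproduced by parsing the report lines. This is an added example, not part of the thread and not RogueKiller's own code; the line grammar is inferred only from the 11 registry lines posted in #7, and the category names and helper functions are made up for illustration.

```python
import re
from collections import defaultdict

# Sample input: the "Registry Entries" lines from the RogueKiller report in post #7.
REPORT = r'''
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> FOUND
[TASK][SUSP PATH] MagniPicUpdaterTask{F53A189E-7A95-40CE-9E3B-4104D4D74DB4}.job : C:\ProgramData\Premium\MagniPic\MagniPic.exe /schedule /profile "C:\ProgramData\Premium\MagniPic\profile.ini" [x] -> FOUND
[STARTUP][SUSP PATH] Launch Utility Application.lnk @Amber : C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [-] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
'''

# [TAG][TAG] <location> : <name (value) | command> [optional x/- flag] -> STATUS
LINE_RE = re.compile(r'^((?:\[[^\]]+\])+)\s+(.+?) : (.+?)(?: \[([x-])\])? -> (\w+)$')
AUTOSTART_TAGS = {"RUN", "TASK", "STARTUP"}
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "ConsentPromptBehaviorUser"}


def parse_line(line):
    """Split one report line into tags, location, name, value and status."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tags = re.findall(r'\[([^\]]+)\]', m.group(1))
    location, right = m.group(2), m.group(3)
    # Registry values look like "Name (data)"; task and startup lines carry a bare command.
    nv = re.fullmatch(r'(.+?) \((.*)\)', right)
    name, value = (nv.group(1), nv.group(2)) if nv else (location, right)
    return {"tags": tags, "location": location, "name": name,
            "value": value, "status": m.group(5)}


def classify(entry):
    """Hypothetical categories mirroring how the entries are grouped in post #8."""
    tags = set(entry["tags"])
    if tags & AUTOSTART_TAGS:
        return "autostart"
    if "HJ" in tags and entry["name"] in UAC_VALUES:
        return "uac_policy"
    if "HJ DESK" in tags:
        return "desktop_icons"
    return "other"


def triage(report):
    groups = defaultdict(list)
    for line in report.splitlines():
        entry = parse_line(line)
        if entry:
            groups[classify(entry)].append(entry)
    return dict(groups)


def data_dir_targets(entries):
    """Names of autostart entries whose target sits under ProgramData or AppData."""
    return [e["name"] for e in entries
            if e["value"].lower().startswith("c:\\programdata\\")
            or "\\appdata\\" in e["value"].lower()]


def uac_disabled(entries):
    """EnableLUA = 0 turns User Account Control off system-wide."""
    return any(e["name"] == "EnableLUA" and e["value"] == "0" for e in entries)


if __name__ == "__main__":
    for category, entries in triage(REPORT).items():
        print(category, [e["name"] for e in entries])
```

The autostart and uac_policy groups together are the nine entries ticked for deletion in post #8; desktop_icons holds the two that were left alone.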
OCD OCD is offline OCD is authorized to help remove malware.
Malware Removal Specialist with 273 posts.
 
Join Date: Sep 2012
Location: Florida
20-May-2013, 09:10 PM #9
Hi mosspiglet52,

Just checking in to see if you still need help or need additional time to complete the steps requested?
OCD OCD is offline OCD is authorized to help remove malware.
Malware Removal Specialist with 273 posts.
 
Join Date: Sep 2012
Location: Florida
23-May-2013, 12:12 AM #10
Hi mosspiglet52,

Due to lack of feedback I am unsubscribing from the topic. If you should require help in the future please start a new topic.

OCD