
Blekko Lavasoft search engine removal

Discussion in 'Virus & Other Malware Removal' started by mosspiglet52, May 9, 2013.

  1. mosspiglet52

    mosspiglet52 Thread Starter

    Joined:
    May 9, 2013
    Messages:
    5
    Hello! I recently downloaded Adaware because I was getting weird ads on sites like YouTube and Pandora. After installing Adaware I noticed my search engine changed, and even after I changed it back to Google in my settings, I still get Blekko popping up every time I start my browser. I uninstalled anything associated with Adaware that I could find, but this annoying Blekko thing is very persistent and it's still hanging around.

    I would really appreciate any help.

    HijackThis:
    Running processes:
    C:\Program Files (x86)\AIM\aim.exe
    C:\Program Files (x86)\WordWeb\wweb32.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\Ralink\Common\RaUI.exe
    C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
    C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
    C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Amber\Downloads\OTL.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Amber\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?s...retb&v=2_5&u=9EFEE6F812A9CAB5361925518BD1D65A
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
    O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US /HIDEBL
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Amber\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Bitmeter2.lnk = C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
    O4 - Startup: Launch Utility Application.lnk = Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
    O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
    O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
    O23 - Service: RaMediaServer - Unknown owner - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8978 bytes
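
An added example, not part of the original posts and not code from HijackThis: one way to pre-sort a HijackThis log like the one above before a helper reviews it. The sample lines are copied from that log; the expected home-page domains, script extensions and data-directory markers are assumptions of this example, and a flagged entry is a candidate for review, not a verdict.

```python
import re
from typing import NamedTuple
from urllib.parse import urlsplit

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?s...retb&v=2_5&u=9EFEE6F812A9CAB5361925518BD1D65A
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US /HIDEBL
O4 - Startup: Bitmeter2.lnk = C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
"""

# Assumptions of this example (not rules stated in the thread).
EXPECTED_PAGE_DOMAINS = ("microsoft.com", "msn.com")
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".vbs", ".js", ".ps1")
DATA_DIR_MARKERS = ("\\programdata\\", "\\appdata\\", "\\temp\\")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
REG_VALUE_RE = re.compile(r"^(?P<key>.+?),(?P<value>.+?) =\s*(?P<data>.*)$")
RUN_RE = re.compile(r"^(?P<where>.+?\\Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
TARGET_RE = re.compile(r"^(.*?\.(?:exe|bat|cmd|vbs|js|ps1|dll|scr|com))(?=\s|$)", re.I)


class Finding(NamedTuple):
    code: str       # HijackThis section code, e.g. "R0" or "O4"
    name: str       # registry value name or autorun entry name
    target: str     # URL or file path the entry points to
    reasons: tuple  # why the entry was set aside for review


def autorun_target(cmd):
    """Return the program path from an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first known extension.
    m = TARGET_RE.match(cmd)
    return m.group(1) if m else cmd


def check_browser_page(code, body):
    """Flag R0/R1 values whose URL host is outside the expected domains."""
    m = REG_VALUE_RE.match(body)
    if not m:
        return None
    host = urlsplit(m.group("data")).hostname
    if not host:  # empty value, or a non-URL such as "Preserve"
        return None
    if any(host == d or host.endswith("." + d) for d in EXPECTED_PAGE_DOMAINS):
        return None
    reason = f"page set to unexpected host {host}"
    return Finding(code, m.group("value"), m.group("data"), (reason,))


def check_autorun(code, body):
    """Flag O4 entries that start a script or a file kept in a data directory."""
    m = RUN_RE.match(body) or STARTUP_RE.match(body)
    if not m:
        return None
    target = autorun_target(m.group("cmd"))
    low = target.lower()
    reasons = []
    if low.endswith(SCRIPT_EXTENSIONS):
        reasons.append("autorun launches a script file")
    if any(marker in low for marker in DATA_DIR_MARKERS):
        reasons.append("autorun target is in a data directory")
    if not reasons:
        return None
    return Finding(code, m.group("name"), target, tuple(reasons))


def triage(log_text):
    """Return the R0/R1 and O4 entries of a HijackThis log worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code in ("R0", "R1"):
            finding = check_browser_page(code, body)
        elif code == "O4":
            finding = check_autorun(code, body)
        else:
            finding = None  # other sections are out of scope for this example
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code} [{f.name}] -> {f.target}")
        for reason in f.reasons:
            print(f"    review: {reason}")
```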
     
  2. OCD

    OCD Malware Specialist

    Joined:
    Sep 11, 2012
    Messages:
    273
    Hello mosspiglet52,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:


    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, losing all your programs and data.

    Important Note for Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").

    Please stay with this topic until I let you know that your system appears to be "All Clear"

    = = = = = = = = = = = = = = = = = = = =

    1. Security Check

    Download Security Check by screen317 from here or here.

    • Save it to your Desktop.
    • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    =========================

    2. aswMBR

    Download aswMBR.exe and save it to your desktop.

    Right click and select "Run as Administrator".

    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click Scan
      • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
      • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
    =========================

    3. OTL

    • Download OTL to your desktop.
    • Make sure all other windows are closed and let it run uninterrupted.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in:

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      services.exe
      /md5stop
      %systemroot%\*. /rp /s
      %systemdrive%\$Recycle.Bin|@;true;true;true
      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      BASESERVICES
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
      • You may need two posts to fit them both in.

    =========================

    In your next post please provide the following:

    • checkup.txt
    • aswMBR.txt
    • attach MBR.zip
    • OTL.txt
    • Extras.txt
     
  3. mosspiglet52

    mosspiglet52 Thread Starter

    Joined:
    May 9, 2013
    Messages:
    5
    Thanks so much for taking the time to help! Sorry about the delayed response. Here they are:

    Checkup

    Results of screen317's Security Check version 0.99.63
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 7
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (3.5.4) Firefox out of Date!
    Google Chrome 26.0.1410.43
    Google Chrome 26.0.1410.64
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 38% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````


    aswMBR

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-05-15 15:52:15
    -----------------------------
    15:52:15.618 OS Version: Windows x64 6.1.7601 Service Pack 1
    15:52:15.618 Number of processors: 6 586 0x102
    15:52:15.619 ComputerName: AMBER-PC UserName: Amber
    15:52:15.828 Initialize success
    15:53:57.576 AVAST engine defs: 13051500
    15:54:24.543 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    15:54:24.546 Disk 0 Vendor: M4-CT128M4SSD2 0309 Size: 122104MB BusType: 3
    15:54:24.553 Disk 0 MBR read successfully
    15:54:24.556 Disk 0 MBR scan
    15:54:24.560 Disk 0 Windows 7 default MBR code
    15:54:24.563 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    15:54:24.567 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
    15:54:24.578 Disk 0 scanning C:\Windows\system32\drivers
    15:54:27.367 Service scanning
    15:54:33.795 Modules scanning
    15:54:33.811 Disk 0 trace - called modules:
    15:54:33.822 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    15:54:33.827 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007205060]
    15:54:33.831 3 CLASSPNP.SYS[fffff880019d043f] -> nt!IofCallDriver -> [0xfffffa8006afc9b0]
    15:54:33.838 5 ACPI.sys[fffff88000ee17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8006b2b060]
    15:54:34.001 AVAST engine scan C:\Windows
    15:54:34.471 AVAST engine scan C:\Windows\system32
    15:55:39.832 AVAST engine scan C:\Windows\system32\drivers
    15:55:43.059 AVAST engine scan C:\Users\Amber
    15:56:48.691 AVAST engine scan C:\ProgramData
    15:57:04.190 Scan finished successfully
    15:58:08.352 Disk 0 MBR has been saved successfully to "C:\Users\Amber\Desktop\MBR.dat"
    15:58:08.357 The log file has been saved successfully to "C:\Users\Amber\Desktop\aswMBR.txt"

    (continued)
     

    Attached Files:

    • MBR.zip (559 bytes)
  4. mosspiglet52

    mosspiglet52 Thread Starter

    Joined:
    May 9, 2013
    Messages:
    5

    OTL

    OTL logfile created on: 5/16/2013 9:29:51 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amber\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 76.75% Memory free
    8.86 Gb Paging File | 6.72 Gb Available in Paging File | 75.89% Paging File free
    Paging file location(s): c:\pagefile.sys 900 1200 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 119.14 Gb Total Space | 12.46 Gb Free Space | 10.46% Space Free | Partition Type: NTFS
    Drive D: | 5.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: AMBER-PC | User Name: Amber | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Amber\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
    PRC - C:\Program Files (x86)\WordWeb\wweb32.exe ()
    PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
    PRC - C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronices Co., Ltd.)
    PRC - C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
    PRC - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
    PRC - C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ( )
    PRC - C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
    PRC - C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll ()
    MOD - C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
    MOD - C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
    MOD - C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
    MOD - C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dab0ad2d0f5da372a4947d3a1c7c07a9\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5abddd1112204bd1e3347be519eaa28f\System.ServiceProcess.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\WordWeb\wweb32.exe ()
    MOD - C:\Windows\wweb32.dll ()
    MOD - C:\Program Files (x86)\WordWeb\WUCNT.dll ()
    MOD - C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll ()
    MOD - C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll ()
    MOD - C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP)
    SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (RaMediaServer) -- C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe ()
    SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Ralink Technology, Corp.)
    SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
    SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
    SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
    DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
    DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
    DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
    DRV:64bit: - (mvusbews) -- C:\Windows\SysNative\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
    DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
    DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
    DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = ${SEARCH_URL}{searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?s...retb&v=2_5&u=9EFEE6F812A9CAB5361925518BD1D65A
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\..\SearchScopes,DefaultScope = {114C1FA6-E060-4332-A64C-527F26145118}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{114C1FA6-E060-4332-A64C-527F26145118}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
    IE - HKCU\..\SearchScopes\{12D4634F-A243-4067-81D7-0B8B5BE7C26F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN24729555362746628&UM=2
    IE - HKCU\..\SearchScopes\{2EC4FF41-5CD6-4728-AD7A-837943E94A54}: "URL" = http://mumbojumbo.start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
    IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://searchou.com/?affil=7&uid=cfc29256-92ae-11e2-b460-902b34125a4c&q={searchTerms}
    IE - HKCU\..\SearchScopes\{42B1EAEF-34B6-464b-B477-BEDF300CBEBC}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
    IE - HKCU\..\SearchScopes\{F09B8F3C-E76E-4e38-A406-2B24156D55EA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
    IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
    FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
    FF - prefs.js..browser.startup.homepage: "http://searchou.com/?affil=7&uid=cfc29256-92ae-11e2-b460-902b34125a4c"
    FF - prefs.js..extensions.enabledItems: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.13.0.6
    FF - prefs.js..extensions.enabledItems: [email protected]:5.0.4405
    FF - prefs.js..keyword.URL: "http://searchou.com/?affil=7&uid=cfc29256-92ae-11e2-b460-902b34125a4c&q="
    FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
    FF - prefs.js..browser.search.order.1: "Privitize VPN"");
    FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
    FF - prefs.js..browser.search.order.1: "Privitize VPN"
    FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
    FF - prefs.js..browser.startup.homepage: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=9EFEE6F812A9CAB5361925518BD1D65A"
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@stamps.com/Web client plug-in,version=1.1.0.41: C:\Program Files (x86)\Stamps.com Web Postage Plug-in\npsdcwc.dll (Stamps.com, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amber\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amber\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Amber\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\mrcie3sm.default\extensions\[email protected]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/22 01:04:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/09 13:36:25 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WordWeb\WCaptureMoz [2012/06/22 00:35:32 | 000,000,000 | ---D | M]

    [2012/05/31 04:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amber\AppData\Roaming\Mozilla\Extensions
    [2013/05/09 13:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\mrcie3sm.default\extensions
    [2013/05/09 12:42:00 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\mrcie3sm.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2013/03/22 01:10:55 | 000,002,090 | ---- | M] () -- C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\mrcie3sm.default\searchplugins\Searchou.xml
    [2012/05/31 04:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/22 00:35:32 | 000,000,000 | ---D | M] (WordWeb one-click lookup) -- C:\PROGRAM FILES (X86)\WORDWEB\WCAPTUREMOZ
    File not found (No name found) -- C:\USERS\AMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MRCIE3SM.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
    [2013/01/14 17:18:52 | 000,001,467 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober139527.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Amber\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Amber\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - Extension: YouTube = C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Bookmarks Menu = C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi\3.4.7_0\
    CHR - Extension: Gmail = C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
    O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe ()
    O4 - Startup: C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk = C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ( )
    O4 - Startup: C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk = C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronices Co., Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{747A43E3-FE9C-43ED-956F-C451AFF65D2D}: DhcpNameServer = 192.168.43.1
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/05/09 14:21:31 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2011/02/16 18:30:09 | 000,048,912 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2010/11/22 20:09:03 | 000,000,052 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
    O33 - MountPoints2\{1dcb36c2-abd8-11e1-add0-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{1dcb36c2-abd8-11e1-add0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2011/02/16 18:30:09 | 000,048,912 | R--- | M] (Electronic Arts)
    O33 - MountPoints2\{77aef5a7-f474-11e1-bf97-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{77aef5a7-f474-11e1-bf97-806e6f6e6963}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
    O33 - MountPoints2\{d0789b05-d127-11e1-af64-902b34125a4c}\Shell - "" = AutoRun
    O33 - MountPoints2\{d0789b05-d127-11e1-af64-902b34125a4c}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
    O33 - MountPoints2\{e19f6dbb-1b8e-11e2-bebb-902b34125a4c}\Shell - "" = AutoRun
    O33 - MountPoints2\{e19f6dbb-1b8e-11e2-bebb-902b34125a4c}\Shell\AutoRun\command - "" = E:\SISetup.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SISetup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/05/15 15:49:53 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Amber\Desktop\aswMBR.exe
    [2013/05/10 19:10:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
    [2013/05/09 14:21:19 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    [2013/05/09 14:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2013/05/09 14:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2013/05/09 13:39:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Amber\Desktop\OTL.exe
    [2013/05/09 12:44:37 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Roaming\LavasoftStatistics
    [2013/05/09 12:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
    [2013/05/09 12:42:05 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Local\adawarebp
    [2013/05/09 12:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2013/05/09 12:41:59 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Roaming\SecureSearch
    [2013/05/09 12:41:32 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013/05/09 11:59:13 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Roaming\SUPERAntiSpyware.com
    [2013/05/09 11:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/05/09 11:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/05/09 11:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/05/08 22:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
    [2013/05/08 22:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
    [2013/05/08 22:57:50 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Local\Last.fm
    [2013/05/08 22:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm
    [2013/05/08 17:43:16 | 000,000,000 | ---D | C] -- C:\Users\Amber\AppData\Local\Programs
    [2013/05/01 14:05:56 | 000,000,000 | ---D | C] -- C:\Users\Amber\Desktop\Cryptic Studios
    [2013/04/29 13:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codebox
    [2013/04/29 13:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter
    [2013/04/29 13:31:46 | 000,000,000 | ---D | C] -- C:\Users\Amber\Documents\HooNetMeter
    [2013/04/29 13:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HooTech Net Meter
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/05/16 21:30:38 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/05/16 21:30:38 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/05/16 21:30:38 | 000,121,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/05/16 21:25:19 | 000,000,374 | -H-- | M] () -- C:\Windows\tasks\MagniPicUpdaterTask{F53A189E-7A95-40CE-9E3B-4104D4D74DB4}.job
    [2013/05/16 21:25:18 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
    [2013/05/16 21:25:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/05/16 21:25:11 | 2132,729,855 | -HS- | M] () -- C:\hiberfil.sys
    [2013/05/16 14:47:50 | 000,022,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/05/16 14:47:50 | 000,022,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/05/16 01:52:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1666519262-3164309598-1132915312-1000UA.job
    [2013/05/15 15:58:55 | 000,000,559 | ---- | M] () -- C:\Users\Amber\Desktop\MBR.zip
    [2013/05/15 15:58:08 | 000,000,512 | ---- | M] () -- C:\Users\Amber\Desktop\MBR.dat
    [2013/05/15 15:52:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1666519262-3164309598-1132915312-1000Core.job
    [2013/05/15 15:51:29 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Amber\Desktop\aswMBR.exe
    [2013/05/15 15:47:41 | 000,890,825 | ---- | M] () -- C:\Users\Amber\Desktop\SecurityCheck.exe
    [2013/05/14 11:47:30 | 000,009,204 | ---- | M] () -- C:\Users\Amber\AppData\Local\recently-used.xbel
    [2013/05/10 18:39:59 | 000,002,202 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk
    [2013/05/09 14:21:31 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
    [2013/05/09 13:39:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amber\Desktop\OTL.exe
    [2013/05/09 12:41:32 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013/05/09 11:59:12 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/05/09 03:36:27 | 000,896,107 | ---- | M] () -- C:\Users\Amber\Desktop\Notes.rtf
    [2013/05/08 22:57:53 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
    [2013/05/08 17:43:24 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/29 13:34:00 | 000,001,174 | ---- | M] () -- C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk
    [2013/04/18 00:57:47 | 000,241,773 | ---- | M] () -- C:\Users\Amber\Desktop\driving completion.pdf
    [2013/04/17 21:47:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2013/04/16 23:40:56 | 000,000,614 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/05/15 15:58:55 | 000,000,559 | ---- | C] () -- C:\Users\Amber\Desktop\MBR.zip
    [2013/05/15 15:58:08 | 000,000,512 | ---- | C] () -- C:\Users\Amber\Desktop\MBR.dat
    [2013/05/15 15:47:35 | 000,890,825 | ---- | C] () -- C:\Users\Amber\Desktop\SecurityCheck.exe
    [2013/05/14 11:47:30 | 000,009,204 | ---- | C] () -- C:\Users\Amber\AppData\Local\recently-used.xbel
    [2013/05/10 18:39:59 | 000,002,202 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk
    [2013/05/09 14:21:31 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
    [2013/05/09 11:59:12 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/05/09 03:22:20 | 000,896,107 | ---- | C] () -- C:\Users\Amber\Desktop\Notes.rtf
    [2013/05/08 22:57:53 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
    [2013/04/29 13:34:00 | 000,001,174 | ---- | C] () -- C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk
    [2013/04/18 00:57:47 | 000,241,773 | ---- | C] () -- C:\Users\Amber\Desktop\driving completion.pdf
    [2013/04/17 21:47:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2013/02/05 02:54:55 | 000,000,818 | ---- | C] () -- C:\Users\Amber\.lmmsrc.xml
    [2013/01/28 21:58:16 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
    [2013/01/26 22:33:10 | 000,000,000 | ---- | C] () -- C:\Users\Amber\.gtk-bookmarks
    [2013/01/26 14:52:22 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2013/01/26 03:21:01 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2013/01/20 00:40:37 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat
    [2012/10/31 01:00:16 | 000,757,660 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/25 01:51:39 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
    [2012/06/25 01:51:39 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
    [2012/06/25 01:51:39 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
    [2012/06/25 01:51:39 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll
    [2012/06/25 01:51:39 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll
    [2012/06/25 01:51:39 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
    [2012/06/23 18:46:44 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2012/06/23 18:46:44 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C867251F2F.sys
    [2012/06/22 00:35:32 | 002,213,120 | ---- | C] () -- C:\Windows\wweb32.dll
    [2012/06/09 03:34:58 | 000,029,184 | ---- | C] () -- C:\Users\Amber\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/05/31 20:12:41 | 000,014,051 | R--- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2012/05/31 20:12:38 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
    [2012/05/31 20:12:38 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
    [2012/05/31 20:12:38 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\RaCertMgr.ini
    [2012/05/31 04:37:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/05/31 04:31:48 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2012/05/31 04:24:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2012/05/31 04:16:21 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
    [2012/05/31 04:09:48 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/04/05 21:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/04/05 21:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 23:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 23:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/05/31 21:58:46 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\acccore
    [2013/02/21 23:57:01 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Audacity
    [2013/03/22 01:12:12 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\AVG2013
    [2013/04/29 13:33:39 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\BitMeter2
    [2012/10/23 20:59:06 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Canon
    [2013/03/08 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\DAoC Portal
    [2012/12/03 13:24:45 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\DMCache
    [2012/12/27 23:49:54 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\DragonSaga
    [2013/03/08 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Electronic Arts
    [2012/07/10 02:18:50 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Enterbrain
    [2013/01/09 01:11:37 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Felbot
    [2013/01/11 01:52:02 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\ICQ-Profile
    [2012/12/13 04:36:56 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Leadertech
    [2012/06/22 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\LolClient
    [2012/06/19 01:40:22 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\LolClient2
    [2012/07/30 00:58:28 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Naturalsoft
    [2012/05/31 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\NetMeter
    [2013/03/22 01:06:24 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Nico Mak Computing
    [2013/04/04 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Origin
    [2012/06/23 14:13:52 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\ProjectZomboid_LAUNCHER
    [2013/05/09 12:41:59 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\SecureSearch
    [2012/06/01 01:07:03 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Spacejock Software
    [2012/05/31 04:24:57 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Splashtop
    [2013/01/28 22:05:41 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Stamps.com Internet Postage
    [2012/06/22 00:32:00 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\TheSage
    [2013/03/22 01:11:35 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\TuneUp Software
    [2012/06/22 04:04:29 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Unity
    [2013/04/15 20:02:42 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

    < MD5 for: EXPLORER.EXE >
    [2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
    [2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
    [2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < %systemroot%\*. /rp /s >

    < %systemdrive%\$Recycle.Bin|@;true;true;true >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    ========== Base Services ==========
    SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
    SRV:64bit: - [2010/11/20 23:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
    SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
    SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
    SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
    SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
    SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
    SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
    SRV:64bit: - [2010/11/20 23:24:16 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
    SRV:64bit: - [2010/11/20 23:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
    SRV - [2010/11/20 23:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
    SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
    SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
    SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
    SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
    SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
    SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
    SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
    SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
    SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
    SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
    SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
    SRV:64bit: - [2010/11/20 23:23:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
    SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
    SRV:64bit: - [2010/11/20 23:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
    SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
    SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
    SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
    SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
    SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
    SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
    SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
    SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
    SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
    SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
    SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
    SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2010/11/20 23:24:01 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
    SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
    SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
    SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
    SRV:64bit: - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
    SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
    SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
    SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
    SRV:64bit: - [2010/11/20 23:24:25 | 002,420,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
    SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
    SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: M4-CT128M4SSD2 ATA Device
    Partitions: 2
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 119.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
    [C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
    [C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
    [C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
    [C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
    [C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

    < End of report >
     
  5. mosspiglet52

    Extras
    OTL Extras logfile created on: 5/9/2013 1:40:46 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amber\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 6.56 Gb Available Physical Memory | 82.23% Memory free
    8.86 Gb Paging File | 7.09 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): c:\pagefile.sys 900 1200 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 119.14 Gb Total Space | 22.15 Gb Free Space | 18.59% Space Free | Partition Type: NTFS
    Drive D: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: AMBER-PC | User Name: Amber | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0CC85158-03FF-4D17-81D4-34CBF37C2A7F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{150543EB-064C-4787-8633-1D864250ED3A}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{3E54FF26-D9B7-461B-94A5-42D1E99B8E47}" = lport=137 | protocol=17 | dir=in | app=system |
    "{4D56542C-1DDF-43C2-89F5-212DBF323720}" = lport=138 | protocol=17 | dir=in | app=system |
    "{4EEE03A1-4FDC-48DF-817F-7A84B76516E2}" = rport=137 | protocol=17 | dir=out | app=system |
    "{559D0243-B522-4E23-B384-BA15AF4276EA}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{5682A29A-4BD7-497A-8301-09B31D340C20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{56988B83-8CF9-48C2-A614-7102F0C7CC6A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5F7CAF7C-3D66-4399-9071-3A8665A33B46}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{68C482E1-90D6-4FA4-AAB4-68E260FF87BA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6A28D6D3-A596-4970-BC1F-1D2817451FA2}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6F1A6A73-26AD-4FBC-BCB2-CB652A1548D5}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
    "{76757DF0-C2A8-4A44-B576-93AEF789F425}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7D790909-45D0-4423-A451-F690013EADBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{81D78E6E-6594-4B53-8A3C-E75361143FBF}" = rport=80 | protocol=6 | dir=out | app=c:\users\amber\desktop\downloaded\downloaded\public\warframe.x64.exe |
    "{83496E66-2F85-4500-934D-998E82AAB475}" = rport=445 | protocol=6 | dir=out | app=system |
    "{83B7CBA9-E122-443B-BBB1-5C2F993040EE}" = rport=80 | protocol=6 | dir=out | app=c:\users\amber\appdata\local\warframe\downloaded\public\tools\launcher.exe |
    "{872733B4-A721-42E7-B2A2-631668EC2CE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8D8E575C-D054-44AE-A9AC-95C334FFB1E4}" = lport=445 | protocol=6 | dir=in | app=system |
    "{96D66F35-5EAC-4DB1-9B4F-DF314E6B5139}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9B5470B2-3303-4C52-A919-41ED13114A76}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9FEFF684-5259-4F9A-855E-F1C9835A90A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A45A5859-DB99-4D12-9AB6-934E47F3D4C2}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
    "{B6AA9670-99DB-4C3A-97AB-7E1F5C842FB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B6FE9BA3-0C56-4AB5-90D6-68472980A44E}" = rport=80 | protocol=6 | dir=out | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.exe |
    "{C9B62B48-5472-440D-892D-CB01A3688605}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DC7C6C42-2D8C-4852-9B47-C24EA0552A4C}" = rport=80 | protocol=6 | dir=out | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe |
    "{E3B51F80-5AAA-4C49-AA9D-6A1F8EB614D0}" = lport=139 | protocol=6 | dir=in | app=system |
    "{E75579C0-33ED-4876-841F-175B9267B4B6}" = rport=80 | protocol=6 | dir=out | app=c:\users\amber\desktop\downloaded\downloaded\public\warframe.exe |
    "{F7D6B24F-52F0-4346-9B7E-7C46882E8178}" = rport=138 | protocol=17 | dir=out | app=system |
    "{F8C3B694-A348-47F5-A36A-A83ADAB2AA52}" = rport=80 | protocol=6 | dir=out | app=c:\users\amber\appdata\local\warframe\downloaded\public\tools\launcher.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06568E0C-93F4-454B-B7D4-0D439D3C20F6}" = protocol=17 | dir=out | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe |
    "{0A72694C-462B-4C86-920A-0677DBFED5F7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0CDBE069-8C7F-4889-A191-255172155561}" = protocol=17 | dir=out | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.exe |
    "{0DD2D3DC-3F9F-4F66-8D23-C64374AEFE6D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{11610C7C-A579-4F56-8FF5-58737AC5D70E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{17BB3C2F-DD15-462E-B97B-88768B11D47C}" = protocol=6 | dir=in | app=c:\users\amber\appdata\local\temp\7zs2f2b\hpdiagnosticcoreui.exe |
    "{19E25206-F7F8-4A61-BF59-9521B005C598}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1C215DFE-10C3-4A90-A139-63F1D3D83FD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{1F0F98F2-03B7-471D-860F-850418A19AF0}" = protocol=17 | dir=in | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.exe |
    "{21D06CF5-46C2-4E51-A723-09CF4D12A4DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2DB6E310-AC6B-4772-8A61-2C67D9BBDC2E}" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.tmp |
    "{350DBB85-946A-45DA-AFD2-68C511BE5542}" = protocol=17 | dir=in | app=c:\users\amber\appdata\roaming\icqm\icq.exe |
    "{384CAAD4-C4A5-4E28-9AD3-BC336547BC4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3D1A9CC7-31ED-4565-AE10-D7055527E196}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
    "{4437AA29-017A-46F2-8F98-A00F18A0D10B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4608BBDE-BF0A-4333-9377-FDF5E694776F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{467623C7-8268-40D2-B951-B5CC636E5C40}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{4AD0202E-2E92-4BB6-88FF-59BF4711C6CA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{52543528-7365-4D58-A01B-F0B97C538023}" = protocol=6 | dir=in | app=e:\guild wars 2\gw2.exe |
    "{56ECB047-5380-438A-AF74-C9BEF9818F6B}" = protocol=17 | dir=out | app=c:\users\amber\desktop\downloaded\downloaded\public\warframe.x64.exe |
    "{5BB8F608-6C36-4E4E-A7DD-38C98610906C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
    "{5F94CB59-032C-4AE9-997E-A74307DB7142}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{60BD0C51-6936-4D90-962B-ED0CB2601679}" = protocol=17 | dir=out | app=c:\users\amber\desktop\downloaded\downloaded\public\warframe.exe |
    "{622E3618-300E-4E6B-A3EF-5502649F8A3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{67E6C984-0DAE-42F4-ACB6-155E9F6F04BA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{6DB5A0E4-CB5B-4A40-A196-00A289C95BE7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7E16E827-BB3D-46A7-9B03-773BB0A69534}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
    "{8B10C416-4E57-4196-9AB4-9A0082B140BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{8C28C5FC-21EA-4B33-9B45-C82BCF55CBD6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{90F89DB0-B09E-4970-AA2C-F7AD2C630372}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
    "{97E071EF-ECF2-4DD2-A9B3-C30209B0DCD5}" = protocol=17 | dir=in | app=c:\users\amber\appdata\local\temp\7zs2f2b\hpdiagnosticcoreui.exe |
    "{A14A5272-FC5C-496E-B802-D0EC956F46B9}" = protocol=17 | dir=in | app=c:\users\amber\desktop\downloaded\downloaded\public\warframe.x64.exe |
    "{A5190BCD-A429-4F0D-B0F8-5D36B6CFAF63}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{A59E7686-1F5F-49D7-8542-BE36C81FAEFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{C2E7D879-DBAD-472C-9272-68F9DC580581}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{C4703597-721F-4599-B0B1-0BDF9C325560}" = protocol=6 | dir=in | app=c:\users\amber\appdata\roaming\icqm\icq.exe |
    "{C573B5D4-950E-418A-B541-94467C10B129}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C7936EF0-9FC0-4A72-9C9B-52001E759285}" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.tmp |
    "{D1884902-6244-4880-9E9D-3B19FA5759A8}" = protocol=17 | dir=in | app=e:\guild wars 2\gw2.exe |
    "{D6651DFC-F44A-4B06-85E1-62952B4C48FB}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{DCCA4D33-A770-46E3-84CC-31152CDC36C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DEE3ACA8-786D-48DF-BABE-2F2DF99C4212}" = protocol=6 | dir=out | app=system |
    "{DFBC99DA-52B6-4762-8F66-6991A75C15E6}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{E1FF482D-123E-4DED-A8C6-12AB20C64140}" = protocol=17 | dir=in | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe |
    "{E28387AF-5D9F-4105-8C87-3B2505A8C76B}" = protocol=17 | dir=in | app=c:\users\amber\desktop\downloaded\downloaded\public\warframe.exe |
    "{E42251B4-A8ED-49F1-AF1C-3CC422465ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{EBF2672B-F59A-4087-9BCE-FB0B520DE15A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F03ABD55-2FA7-4355-9932-D8A421182068}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{F08A1E94-2E6E-4F5E-ABD5-1FA7CAB75EEE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F6E1653B-DC43-4AC7-8123-53A053FBA5EB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{FBBE2B09-1239-466E-8871-F5CEC8C0D423}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "TCP Query User{0914C1FF-8601-4FCE-8297-31B8FC3F60FD}C:\program files (x86)\planetside\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\planetside\planetside2.exe |
    "TCP Query User{0F748B85-7F8A-4E42-A6DC-2C5A417A0C0C}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "TCP Query User{28C5DC6A-318B-4D31-AD4B-1711A1847978}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
    "TCP Query User{2F3D0070-B30C-435F-AAE6-5AE3E2F106D6}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
    "TCP Query User{55CC2F9A-39DD-4CB1-943C-892D6D6EF4BE}C:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe" = protocol=6 | dir=in | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe |
    "TCP Query User{61BAE24D-692C-45E6-820A-684DEE360430}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "TCP Query User{73279850-0A0A-44A3-B734-59F09E6837FE}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
    "TCP Query User{7567AD8E-28E4-4C31-90A9-0628A1538183}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
    "TCP Query User{7902FF9C-427A-468D-BEF8-B6C391B0A79A}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "TCP Query User{81104251-6201-4455-A1E6-5B23A79276B1}C:\program files (x86)\guild wars 2\gw2.tmp" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.tmp |
    "TCP Query User{8B2950B9-1881-42B0-8CE0-C86250CD6559}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
    "TCP Query User{8F420181-3D10-45BC-9D9B-DA647B8C4F57}C:\program files (x86)\planetside\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\planetside\planetside2.exe |
    "TCP Query User{91C90F9E-9B64-4913-9966-6D5A1E9B0484}E:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=e:\guild wars 2\gw2.exe |
    "TCP Query User{9AA94940-6F2E-4796-B60D-B3E550501FCE}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "TCP Query User{9BE68863-30B9-45C0-A98F-F6EE9F7C2F17}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
    "TCP Query User{9E8FFF9A-22A1-4C6A-AE86-0E747C5D6651}C:\users\amber\appdata\local\temp\f9a44d816f.exe" = protocol=6 | dir=in | app=c:\users\amber\appdata\local\temp\f9a44d816f.exe |
    "TCP Query User{A223A274-C864-4BE5-B326-D65B967363A5}C:\users\amber\desktop\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\amber\desktop\planetside 2\planetside2.exe |
    "TCP Query User{AD5CD80B-4AC3-461E-9F74-EE176B2EF117}C:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe |
    "TCP Query User{AFB77A60-48AC-4A83-ADB8-997E9B0515A5}C:\users\amber\desktop\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\amber\desktop\planetside 2\planetside2.exe |
    "TCP Query User{B6FADCF8-2CB1-4F3F-AB61-120B7C620C6A}C:\users\amber\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\amber\downloads\neverwinter_nw.1.20130416a.6.exe |
    "TCP Query User{BD9D42F1-CF1D-4CCB-82EC-28A22D63BAA0}C:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe |
    "TCP Query User{C446121D-1892-4E96-87F8-0A5C1882E1B9}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "TCP Query User{D188A181-35FF-48F9-92CD-502576264EA2}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "TCP Query User{FDC41767-B55F-417B-BCB9-34976DD9C577}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "UDP Query User{039A7C58-34B4-4B8F-9EA1-F2552D8BC671}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "UDP Query User{2333D852-464A-4A61-BBE0-8E5ED0220C5D}C:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe |
    "UDP Query User{37B57B1F-28DA-4A48-962C-91FE9CCD2F4E}E:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=e:\guild wars 2\gw2.exe |
    "UDP Query User{37D8CD12-D463-4180-8FD8-99F364408A51}C:\users\amber\appdata\local\temp\f9a44d816f.exe" = protocol=17 | dir=in | app=c:\users\amber\appdata\local\temp\f9a44d816f.exe |
    "UDP Query User{37F94D38-54A5-4AEB-8AAB-3CA506AFB3E6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "UDP Query User{4F1C1220-773A-44D7-BDF8-9DC8E485469F}C:\users\amber\desktop\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\amber\desktop\planetside 2\planetside2.exe |
    "UDP Query User{59E8E24B-1448-4B61-8256-CA7640BA3933}C:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe" = protocol=17 | dir=in | app=c:\users\amber\appdata\local\warframe\downloaded\public\warframe.x64.exe |
    "UDP Query User{6032BCBB-C66B-41F9-8281-C4BB69D687A4}C:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\amber\desktop\cryptic studios\neverwinter\live\gameclient.exe |
    "UDP Query User{75C224B9-9B2C-4851-ADB5-2F53F374BC23}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
    "UDP Query User{82AAE145-C925-4608-8FD4-AC70DF513709}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
    "UDP Query User{93FFCB53-000B-464C-8D80-77D8A153632B}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "UDP Query User{A8B3BD0A-7C00-4EAF-BD67-1F63110B9462}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "UDP Query User{B0C840E6-1942-4D18-8421-80ABE8967B2C}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
    "UDP Query User{C6D7B3D6-188F-47A6-BA4D-2B931EAE31B1}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
    "UDP Query User{C72D342D-A4F1-4338-B733-7F07D3374419}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "UDP Query User{C9D9B7B1-46A9-4C83-96AA-0827DB3626E4}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "UDP Query User{CB76D41B-9163-4634-919C-8E311F732148}C:\users\amber\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\amber\downloads\neverwinter_nw.1.20130416a.6.exe |
    "UDP Query User{CDFEDB9E-834A-482B-A1C9-A154E5E1209F}C:\program files (x86)\planetside\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\planetside\planetside2.exe |
    "UDP Query User{CF308FF6-B9F2-492F-829C-856B6A1F5399}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "UDP Query User{E2F0CE4E-A9D7-4D0E-856C-98DE91B0515C}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
    "UDP Query User{E70D9447-B583-4055-9998-4A41378C09B6}C:\program files (x86)\planetside\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\planetside\planetside2.exe |
    "UDP Query User{F94AFE5C-263D-4E1E-92E0-F4594D1DD4D8}C:\program files (x86)\guild wars 2\gw2.tmp" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.tmp |
    "UDP Query User{FDB5AD73-01ED-4EC7-B236-41FE7287C471}C:\users\amber\desktop\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\amber\desktop\planetside 2\planetside2.exe |
    "UDP Query User{FFF33AE0-4656-4780-96F4-F3F56627A746}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{115C101B-99FC-B3D0-753B-3FF6AF5A1859}" = AMD Drag and Drop Transcoding
    "{1701BD02-09B9-B25B-8290-C7D6A33C5A75}" = AMD Catalyst Install Manager
    "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{2394E621-62FE-72DF-057F-F51EB4BD2077}" = AMD Accelerated Video Transcoding
    "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64
    "{8BF6C901-8C9D-C663-F997-EC95A2CCA228}" = AMD AVIVO64 Codecs
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
    "{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}" = AMD Media Foundation Decoders
    "{B457D49F-00E2-0FF2-4234-C20FC0702E2E}" = AMD Fuel
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "CCleaner" = CCleaner
    "GIMP-2_is1" = GIMP 2.8.0
    "HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
    "WinRAR archiver" = WinRAR 4.20 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
    "{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService
    "{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German
    "{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian
    "{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{19B54068-29AC-4C63-B23E-437329EE8258}" = Stamps.com Web Postage Plug-in
    "{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
    "{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch
    "{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}" = Catalyst Control Center InstallProxy
    "{2F56F921-7281-17D7-C628-EDC320DB1AF3}" = CCC Help French
    "{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = AMD VISION Engine Control Center
    "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
    "{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
    "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.1124.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish
    "{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian
    "{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish
    "{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
    "{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish
    "{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese
    "{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional
    "{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
    "{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech
    "{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian
    "{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian
    "{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All
    "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
    "{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
    "{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}" = Python 2.7.3
    "{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
    "{C5E7BF75-007E-44AD-8962-627ED44CB63B}" = NaturalReaderFree
    "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
    "{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
    "{D82BEF61-A0DA-4B2F-B53C-038310FB32EB}" = HydraVision
    "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
    "{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6E63EBE-DFAC-4925-A343-531DCB4630AF}" = TurboTax 2012 wsciper
    "{FC4DE34E-DA9E-4F02-9837-2E65F73A0234}" = Verizon Wireless Software Utility Application for Android - Samsung
    "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AIM_7" = AIM 7
    "Audacity_is1" = Audacity 2.0
    "BitMeter" = BitMeter
    "Felbot" = Felbot v1.2.1
    "Fraps" = Fraps
    "GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.93.20
    "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.1124.1
    "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
    "LAME_is1" = LAME v3.99.3 (for Windows)
    "LastFM_is1" = Last.fm Scrobbler 2.1.35
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
    "Origin" = Origin
    "RGSS-RTP Standard_is1" = RGSS-RTP Standard
    "RPG Maker VX RTP_is1" = RPG Maker VX RTP
    "RPG Maker VX_is1" = RPG Maker VX
    "RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP
    "Stamps.com" = Stamps.com
    "Stamps.com Web Postage Plug-in" = Stamps.com Web Postage Plug-in
    "TheSage" = TheSage
    "TurboTax 2012" = TurboTax 2012
    "uTorrent" = µTorrent
    "WordWeb" = WordWeb

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1666519262-3164309598-1132915312-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AIM" = AIM for Windows
    "Google Chrome" = Google Chrome
    "SOE-C:/Program Files (x86)/Planetside" = gamelauncher-ps2-live (x86)-Planetside
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/9/2013 11:09:37 AM | Computer Name = Amber-PC | Source = Windows Search Service | ID = 9002
    Description =

    Error - 5/9/2013 11:09:37 AM | Computer Name = Amber-PC | Source = Windows Search Service | ID = 3029
    Description =

    Error - 5/9/2013 11:09:37 AM | Computer Name = Amber-PC | Source = Windows Search Service | ID = 3029
    Description =

    Error - 5/9/2013 11:09:37 AM | Computer Name = Amber-PC | Source = Windows Search Service | ID = 3028
    Description =

    Error - 5/9/2013 11:09:37 AM | Computer Name = Amber-PC | Source = Windows Search Service | ID = 3058
    Description =

    Error - 5/9/2013 11:09:37 AM | Computer Name = Amber-PC | Source = Windows Search Service | ID = 7010
    Description =

    Error - 5/9/2013 12:45:29 PM | Computer Name = Amber-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/9/2013 12:56:11 PM | Computer Name = Amber-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/9/2013 1:32:12 PM | Computer Name = Amber-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/9/2013 1:37:36 PM | Computer Name = Amber-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 5/9/2013 1:30:20 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 5/9/2013 1:32:07 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7000
    Description = The AODDriver4.2 service failed to start due to the following error:
    %%2

    Error - 5/9/2013 1:37:32 PM | Computer Name = Amber-PC | Source = Service Control Manager | ID = 7000
    Description = The AODDriver4.2 service failed to start due to the following error:
    %%2


    < End of report >
     
  6. OCD

    OCD Malware Specialist

    Joined:
    Sep 11, 2012
    Messages:
    273
    Hi mosspiglet52,

    1. P2P - (Peer to Peer)

    I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall this now.

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

    • uTorrent
    If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

    =========================

    2. AdwCleaner

    Download AdwCleaner to your desktop.

    Right click and select "Run as Administrator".

    • Run AdwCleaner and select Delete
    • Once done it will ask to reboot, allow the reboot
    • On reboot a log will be produced, please attach the content of the log to your next reply

    =========================

    3. RogueKiller

    Download to your desktop RogueKiller (by tigzy)

    Right click and select "Run as Administrator"

    • Quit all programs
    • Wait until Prescan has finished ...
    • Click on Scan, Do Not Fix Anything at this point.
    • Click the Report button, save the report to your desktop
    =========================

    In your next post please provide the following:

    • AdwCleaner.txt
    • RogueKiller log
    • How is the computer running at the moment?
     
  7. mosspiglet52

    mosspiglet52 Thread Starter

    Joined:
    May 9, 2013
    Messages:
    5
    I am not getting the Blekko search engine every time I start up my browser, but I am getting around 200 alerts on my Superantispyware every time I run it; despite deleting the threats, they reappear every time I run the scan.

    Adwcleaner:

    # AdwCleaner v2.301 - Logfile created 05/17/2013 at 22:07:23
    # Updated 16/05/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Amber - AMBER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Amber\Desktop\AdwCleaner (1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v3.5.4 (en-US)

    File : C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\mrcie3sm.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [19230 octets] - [09/05/2013 13:35:44]
    AdwCleaner[S1].txt - [19658 octets] - [09/05/2013 13:36:16]
    AdwCleaner[S2].txt - [1117 octets] - [17/05/2013 00:16:15]
    AdwCleaner[S3].txt - [322 octets] - [17/05/2013 22:04:43]
    AdwCleaner[S4].txt - [1183 octets] - [17/05/2013 22:05:08]
    AdwCleaner[S5].txt - [1114 octets] - [17/05/2013 22:07:23]

    ########## EOF - C:\AdwCleaner[S5].txt - [1174 octets] ##########


    Roguekiller:

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Amber [Admin rights]
    Mode : Scan -- Date : 05/17/2013 22:10:23
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] UtilityApplication.exe -- C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 11 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> FOUND
    [TASK][SUSP PATH] MagniPicUpdaterTask{F53A189E-7A95-40CE-9E3B-4104D4D74DB4}.job : C:\ProgramData\Premium\MagniPic\MagniPic.exe /schedule /profile "C:\ProgramData\Premium\MagniPic\profile.ini" [x] -> FOUND
    [STARTUP][SUSP PATH] Launch Utility Application.lnk @Amber : C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [-] -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
    --- User ---
    [MBR] 0dcb0ddb58bfd869719026f485220ac6
    [BSP] dcca503860d8ed5c3937acb4bb396d2f : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_S_05172013_02d2210.txt >>
    RKreport[1]_S_05172013_02d0021.txt ; RKreport[2]_S_05172013_02d2210.txt
     
  8. OCD

    OCD Malware Specialist

    Joined:
    Sep 11, 2012
    Messages:
    273
    Hi mosspiglet52,

    1. AdwCleaner log

    Please locate this AdwCleaner log and post it in your next reply.

    C:\AdwCleaner[S1].txt

    =========================

    2. Re-run RogueKiller

    Right click and select "Run as Administrator"

    • Quit all programs
    • Wait until Prescan has finished ...
    • Click on Scan.
    • After the scan has completed click on the Registry tab
    • Place a check mark next to each of the following entries:

      • [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> FOUND
      • [TASK][SUSP PATH] MagniPicUpdaterTask{F53A189E-7A95-40CE-9E3B-4104D4D74DB4}.job : C:\ProgramData\Premium\MagniPic\MagniPic.exe /schedule /profile "C:\ProgramData\Premium\MagniPic\profile.ini" [x] -> FOUND
      • [STARTUP][SUSP PATH] Launch Utility Application.lnk @Amber : C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [-] -> FOUND
      • [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      • [HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
      • [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      • [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND
      • [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
      • [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    • Remove the check mark from all other entries listed
    • Click the Delete button
    • Click the Report button, save the report to your desktop

    =========================

    3. Re-run OTL (it should be located on your desktop).

    Windows Vista and Windows 7 users: right-click the icon and select "Run as Administrator" to run it.

    • Make sure all other windows are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Uncheck the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open one notepad window, OTL.Txt. (No Extras.txt will be produced.)
      Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

    =========================

    In your next post please provide the following:

    • AdwCleaner[S1].txt
    • RogueKiller log
    • OTL.txt
    • How is the computer running?
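
The selection made in step 2 of the post above, reproduced as an added example (not part of the original post and not RogueKiller's own code): a small Python parser that sorts the report's registry findings into autostart persistence, UAC policy values and desktop settings. The function names and category labels are assumptions made for illustration; the meanings given for the UAC values at 0 are Windows' documented policy semantics, not statements from the thread.

```python
import re
from collections import defaultdict

# "Registry Entries" lines copied verbatim from the RogueKiller report in this thread.
REPORT = r'''
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> FOUND
[TASK][SUSP PATH] MagniPicUpdaterTask{F53A189E-7A95-40CE-9E3B-4104D4D74DB4}.job : C:\ProgramData\Premium\MagniPic\MagniPic.exe /schedule /profile "C:\ProgramData\Premium\MagniPic\profile.ini" [x] -> FOUND
[STARTUP][SUSP PATH] Launch Utility Application.lnk @Amber : C:\Users\Amber\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [-] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
'''

# One or more leading [TAG] groups, then the body, then "-> STATUS".
LINE_RE = re.compile(r'^((?:\[[^\]]+\])+)\s+(.*?)\s+->\s+(\w+)$')
# "ValueName (number)" as printed for the [HJ] findings.
VALUE_RE = re.compile(r'^(\S+) \((\d+)\)$')

# What each UAC policy value means when set to 0 (Windows policy semantics,
# added here as background; the thread itself does not explain them).
UAC_ZERO = {
    "EnableLUA": "UAC (Admin Approval Mode) is switched off",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "ConsentPromptBehaviorUser": "standard-user elevation requests are denied automatically",
}
AUTOSTART_TAGS = {"RUN", "TASK", "STARTUP"}


def parse_line(line):
    """Split one report line into tags, location, detail and status."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank line or anything that is not a finding
    tags = re.findall(r'\[([^\]]+)\]', m.group(1))
    location, _, detail = m.group(2).partition(' : ')
    entry = {
        "tags": tags,
        "location": location,
        "detail": detail,
        "status": m.group(3),
        # The same value can be reported in the native and the 32-bit view.
        "view": "32-bit" if "Wow6432Node" in location else "native",
    }
    v = VALUE_RE.match(detail)
    if v:
        entry["name"], entry["value"] = v.group(1), int(v.group(2))
    return entry


def classify(entry):
    """Hypothetical triage buckets keyed on RogueKiller's first tag."""
    kind = entry["tags"][0]
    if kind in AUTOSTART_TAGS:
        return "autostart"    # runs at logon or on a schedule
    if kind == "HJ" and entry.get("name") in UAC_ZERO and entry.get("value") == 0:
        return "uac_policy"   # elevation prompts weakened or disabled
    if kind == "HJ DESK":
        return "desktop"      # left unchecked in the helper's instructions
    return "other"


def triage(report):
    groups = defaultdict(list)
    for line in report.splitlines():
        entry = parse_line(line)
        if entry:
            groups[classify(entry)].append(entry)
    return dict(groups)


def removal_selection(report):
    """Entries matching the nine the helper asked to have checked."""
    groups = triage(report)
    return groups.get("autostart", []) + groups.get("uac_policy", [])


if __name__ == "__main__":
    for bucket, entries in triage(REPORT).items():
        print(f"{bucket}: {len(entries)}")
        for e in entries:
            note = UAC_ZERO.get(e.get("name"), "")
            print(f"  [{e['view']}] {e['location']} : {e['detail']} {note}".rstrip())
```

The three bucket sizes add up to the 11 entries the report announces in its "Registry Entries : 11" header, and the UAC bucket shows each of the three values twice, once per registry view.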
     
  9. OCD

    OCD Malware Specialist

    Joined:
    Sep 11, 2012
    Messages:
    273
    Hi mosspiglet52,

    Just checking in to see if you still need help or need additional time to complete the steps requested?
     
  10. OCD

    OCD Malware Specialist

    Joined:
    Sep 11, 2012
    Messages:
    273
    Hi mosspiglet52,

    Due to lack of feedback I am unsubscribing from the topic. If you should require help in the future please start a new topic.

    OCD
     
Short URL to this thread: https://techguy.org/1098270