  1. #1
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    Malwarebytes ERROR - Spyware found on daily scans (Anti + HJT Logs includ.)

    Hey guys,

    I'm guessing there's something on my computer that's causing Malwarebytes to not function anymore. Even after uninstalling it and re-doing the application, it prompts the same error message. Spyware is detected through Super Anti-Spyware scans daily. My computer also boots in scan disk mode every time despite shutting down properly, etc.

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 11:03:11, on 8/22/2014
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)


    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ASRock\XFast LAN\spd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\WINDOWS\system32\KaraokeSer.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\XFastUSB\XFastUsb.exe
    C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
    C:\DOCUME~1\Xtrakt\LOCALS~1\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
    C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Samsung\Kies\Kies.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Documents and Settings\Xtrakt\Desktop\HJT.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: 54.225.95.126 fjnoekdlmmjagmmlchagfonjgbioomoo
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files\XFastUSB\XFastUsb.exe"
    O4 - HKLM\..\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
    O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
    O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKCU\..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
    O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    --
    End of file - 10227 bytes


    SUPERAntiSpyware Scan Log

    Generated 08/22/2014 at 10:58 AM

    Application Version : 5.7.1018

    Core Rules Database Version : 11450
    Trace Rules Database Version: 9262

    Scan type : Complete Scan
    Total Scan Time : 00:26:20

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 537
    Memory threats detected : 0
    Registry items scanned : 38362
    Registry threats detected : 0
    File items scanned : 36242
    File threats detected : 8

    Adware.Tracking Cookie
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\XTRAKT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

  2. #2
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Hello,

    What does the Malwarebytes error say?

    Please download OTL to your Desktop
    • Double-click on the icon to run the program. On Vista/Win7 or 8, right-click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

  3. #3
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    Malwarebytes won't even run. I'm prompted with a crash screen and go through the motions of reporting the error. Here are the OTL logs below.

    OTL logfile created on: 8/26/2014 10:27:32 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Xtrakt\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.22 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 79.68% Memory free
    5.06 Gb Paging File | 4.47 Gb Available in Paging File | 88.27% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 200.00 Gb Total Space | 117.49 Gb Free Space | 58.74% Space Free | Partition Type: NTFS
    Drive E: | 265.76 Gb Total Space | 122.55 Gb Free Space | 46.11% Space Free | Partition Type: NTFS

    Computer Name: LWRAKL-2112 | User Name: Xtrakt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/08/26 10:24:00 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
    PRC - [2014/08/26 09:56:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xtrakt\My Documents\Downloads\OTL.exe
    PRC - [2014/08/07 15:20:57 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2014/07/11 02:59:05 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2014/06/28 20:06:56 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    PRC - [2014/01/25 11:21:16 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2013/03/28 18:32:38 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    PRC - [2013/03/28 18:32:34 | 000,310,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2013/03/28 18:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
    PRC - [2012/11/22 14:52:57 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
    PRC - [2012/11/22 14:50:25 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files\XFastUSB\XFastUsb.exe
    PRC - [2012/07/12 06:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2012/04/20 13:11:32 | 000,462,048 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe
    PRC - [2011/10/19 15:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) -- C:\Program Files\ASRock\XFast LAN\spd.exe
    PRC - [2011/10/19 15:19:20 | 001,202,560 | R--- | M] (cFos Software GmbH) -- C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
    PRC - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe
    PRC - [2009/07/08 14:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
    PRC - [2009/02/23 15:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2000/01/01 12:00:00 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2000/01/01 12:00:00 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2000/01/01 12:00:00 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2000/01/01 12:00:00 | 000,088,696 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\KaraokeSer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/08/26 10:24:02 | 000,592,896 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0002\~de6248.tmp
    MOD - [2014/08/26 10:24:00 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0002\~df394b.tmp
    MOD - [2014/08/07 15:20:55 | 000,353,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll
    MOD - [2014/08/07 15:20:53 | 008,537,928 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
    MOD - [2014/08/07 15:20:46 | 001,732,936 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
    MOD - [2014/02/13 10:31:10 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
    MOD - [2014/02/13 10:31:02 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fd639d8d8def70deaf3b26cd073577f3\System.Runtime.Remoting.ni.dll
    MOD - [2014/02/13 10:30:31 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
    MOD - [2014/02/13 09:47:45 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
    MOD - [2014/02/13 09:46:31 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
    MOD - [2014/02/13 09:40:50 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
    MOD - [2014/02/13 09:40:03 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
    MOD - [2014/02/13 09:39:30 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
    MOD - [2014/02/13 09:39:06 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
    MOD - [2014/02/13 09:38:31 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
    MOD - [2014/01/20 12:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/01/20 12:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2013/03/28 18:27:48 | 017,433,088 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
    MOD - [2013/03/28 18:26:22 | 000,570,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
    MOD - [2013/03/28 18:26:14 | 000,035,840 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
    MOD - [2013/03/20 17:29:20 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
    MOD - [2013/03/20 17:06:28 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
    MOD - [2000/01/01 12:00:00 | 001,198,912 | ---- | M] () -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2014/08/21 10:47:14 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/07/11 02:59:05 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
    SRV - [2012/11/22 14:53:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2012/11/22 14:52:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
    SRV - [2012/07/12 06:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/10/19 15:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
    SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
    SRV - [2009/02/23 15:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2000/01/01 12:00:00 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2000/01/01 12:00:00 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2000/01/01 12:00:00 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2000/01/01 12:00:00 | 000,088,696 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\WINDOWS\system32\KaraokeSer.exe -- (KaraokeService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2014/08/09 08:41:09 | 000,029,760 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
    DRV - [2014/07/29 10:30:13 | 000,026,328 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsomc.sys -- (ggsomc)
    DRV - [2014/07/29 10:30:13 | 000,013,528 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
    DRV - [2014/05/26 11:15:22 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
    DRV - [2013/08/25 09:30:48 | 000,013,120 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2013/06/21 12:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd)
    DRV - [2013/06/21 12:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudobex.sys -- (ssudobex)
    DRV - [2013/06/21 12:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
    DRV - [2013/06/21 12:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV - [2013/06/21 12:07:38 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
    DRV - [2013/06/21 12:07:38 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus)
    DRV - [2013/06/21 12:07:38 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
    DRV - [2013/03/20 17:02:16 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - [2012/11/22 14:50:25 | 000,014,656 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
    DRV - [2012/03/14 08:04:18 | 001,076,968 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
    DRV - [2012/03/02 09:02:00 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandadb.sys -- (androidusb)
    DRV - [2012/03/02 09:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem)
    DRV - [2012/03/02 09:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag)
    DRV - [2012/03/02 09:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps)
    DRV - [2012/03/02 09:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus)
    DRV - [2011/08/17 08:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2011/07/23 04:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/13 09:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/07/04 14:18:58 | 001,156,992 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed)
    DRV - [2011/05/10 15:28:20 | 000,015,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
    DRV - [2010/10/20 15:09:28 | 000,009,216 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
    DRV - [2010/10/18 13:12:56 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsmdm.sys -- (zghsmdm)
    DRV - [2010/10/18 13:12:32 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsdiag.sys -- (zghsdiag)
    DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
    DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
    DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
    DRV - [2008/01/15 10:44:08 | 000,063,360 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\zebrceb.sys -- (zebrceb)
    DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2000/01/01 12:00:00 | 002,558,200 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2000/01/01 12:00:00 | 001,656,960 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (AMBFilt)
    DRV - [2000/01/01 12:00:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (MonFilt)
    DRV - [2000/01/01 12:00:00 | 000,415,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2000/01/01 12:00:00 | 000,270,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
    DRV - [2000/01/01 12:00:00 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" =


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\SearchScopes\{27EA813F-CE09-471A-80EF-DE7EDB1C4A2E}: "URL" = http://www.mysearchresults.com/search?c=0000&t=01&q={searchTerms}
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\SearchScopes\{2A6B0296-DCC6-4281-BF19-7CF87D2CE5BB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282722&CUI=UN14802986883161318&UM=2&SSPV=TB_C5
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\SearchScopes\{5EC4BD7B-272F-44D4-BFFF-58057313333F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_130.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 30.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/07/16 23:27:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 30.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2012/12/05 15:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Extensions
    [2014/07/05 22:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Firefox\Profiles\extensions
    [2012/12/14 08:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Firefox\Profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi

    ========== Chrome ==========

    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
    CHR - Extension: Google Wallet = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

    O1 HOSTS File: ([2014/07/05 22:31:41 | 000,000,782 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 54.225.95.126 fjnoekdlmmjagmmlchagfonjgbioomoo
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O4 - HKLM..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1 File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [PC Suite for Smartphones] C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe ()
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
    O4 - HKLM..\Run: [XFastUSB] C:\Program Files\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
    O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
    O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1 File not found
    O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [ASRockXTU] File not found
    O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
    O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-854245398-1275210071-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/w...?1353839826781 (WUWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1E23DEE-5F9B-4927-96C7-F806D00524F6}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/11/22 12:49:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2014/03/29 03:53:57 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
    O33 - MountPoints2\{c2461707-3450-11e2-9c62-bc5ff4448839}\Shell - "" = AutoRun
    O33 - MountPoints2\{c2461707-3450-11e2-9c62-bc5ff4448839}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c2461707-3450-11e2-9c62-bc5ff4448839}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/08/26 09:51:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Xtrakt\Recent
    [2014/08/22 11:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xtrakt\Desktop\193
    [2014/08/21 10:47:12 | 017,903,280 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2014/08/19 23:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/08/19 23:06:58 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/08/19 23:06:58 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/08/19 23:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/07/29 10:30:13 | 000,026,328 | ---- | C] (Sony Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsomc.sys
    [2014/07/29 10:30:13 | 000,013,528 | ---- | C] (Sony Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
    [2014/07/29 10:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Mobile
    [2014/07/29 10:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Mobile
    [2014/07/29 10:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\CrashDump
    [2014/07/29 09:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xtrakt\Application Data\Teleca
    [2014/07/29 09:42:01 | 000,063,360 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\zebrceb.sys
    [2014/07/29 09:42:01 | 000,012,160 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\zebrwhnt.sys
    [2014/07/29 09:42:01 | 000,012,160 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\zebrwh.sys
    [2014/07/29 09:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Sony Ericsson
    [2014/07/29 09:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xtrakt\Application Data\Sony Ericsson
    [2014/07/29 09:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Intuwave
    [2014/07/29 09:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Symbian
    [2014/07/29 09:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony Ericsson
    [2014/07/29 09:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Ericsson Shared
    [2014/07/29 09:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    [2014/07/29 09:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Teleca Shared
    [2014/07/29 09:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Teleca
    [2014/07/29 09:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
    [2014/07/29 09:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
    [2014/07/29 09:40:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
    [2014/07/29 09:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony
    [2014/07/29 09:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2014/07/29 09:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
    [1 C:\Documents and Settings\Xtrakt\My Documents\*.tmp files -> C:\Documents and Settings\Xtrakt\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/08/26 10:23:58 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
    [2014/08/26 10:23:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/08/26 10:23:55 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
    [2014/08/26 10:23:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/08/26 10:11:50 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/08/26 09:47:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/08/26 09:28:25 | 000,013,742 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/08/24 20:08:46 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/08/24 19:57:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
    [2014/08/22 10:16:29 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\PhotoPadReminder.job
    [2014/08/22 10:16:28 | 000,245,655 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Desktop\RapNomination.png
    [2014/08/21 10:47:14 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2014/08/21 10:47:14 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2014/08/21 10:47:12 | 017,903,280 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2014/08/19 23:07:06 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/08/15 18:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2014/08/09 08:41:09 | 000,029,760 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETTBOH_305.SYS
    [2014/08/08 15:00:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
    [2014/07/29 10:32:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsomc_01009.Wdf
    [2014/07/29 10:32:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01009.Wdf
    [2014/07/29 10:30:13 | 000,026,328 | ---- | M] (Sony Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsomc.sys
    [2014/07/29 10:30:13 | 000,013,528 | ---- | M] (Sony Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
    [2014/07/29 09:35:55 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
    [1 C:\Documents and Settings\Xtrakt\My Documents\*.tmp files -> C:\Documents and Settings\Xtrakt\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/08/22 10:12:50 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\PhotoPadReminder.job
    [2014/08/22 09:28:23 | 000,245,655 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Desktop\RapNomination.png
    [2014/08/19 23:07:06 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/07/29 10:32:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsomc_01009.Wdf
    [2014/07/29 10:32:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01009.Wdf
    [2014/07/29 09:41:34 | 000,000,288 | ---- | C] () -- C:\WINDOWS\mrinstu.iss
    [2014/07/29 09:35:55 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
    [2014/03/28 17:59:49 | 000,013,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2013/11/24 08:07:57 | 000,458,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-854245398-1275210071-725345543-1004-0.dat
    [2013/11/03 21:44:34 | 000,179,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/10/14 15:57:08 | 000,678,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/09/04 15:53:29 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2013/09/04 15:53:29 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2013/09/04 15:53:29 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2013/09/04 15:53:29 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2013/09/04 15:53:29 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2013/09/04 15:53:29 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2013/09/04 15:53:29 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2013/09/04 15:53:29 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2013/09/04 15:53:29 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2013/09/04 15:53:29 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2013/09/04 15:53:29 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2013/09/04 15:53:29 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2013/09/04 15:53:29 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2013/09/04 15:53:29 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2013/09/04 15:53:29 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2013/09/04 15:53:29 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2013/09/04 15:53:29 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2013/09/04 15:53:29 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2013/09/04 15:53:29 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2013/09/04 15:36:40 | 000,002,148 | ---- | C] () -- C:\WINDOWS\Estwn322.ini
    [2013/09/04 15:36:40 | 000,002,142 | ---- | C] () -- C:\WINDOWS\Estwain2.ini
    [2013/09/01 10:12:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Epscan2.INI
    [2013/08/19 14:17:22 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2013/08/19 14:17:22 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2013/08/14 11:03:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2013/08/14 11:03:01 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2013/08/12 22:48:39 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/08/06 13:58:54 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/04/17 20:02:22 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv6
    [2013/03/20 17:02:22 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
    [2013/03/20 17:02:20 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2013/03/20 17:02:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2013/03/20 17:02:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2013/03/20 17:02:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    [2013/01/30 13:37:42 | 000,111,664 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\VideoPad.dmp
    [2012/12/11 14:07:26 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
    [2012/12/02 21:45:08 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/11/30 11:28:49 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2012/11/26 09:09:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/11/23 01:39:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2012/11/23 01:38:59 | 000,158,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/11/22 20:07:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\$_hpcst$.hpc
    [2012/11/22 19:59:48 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
    [2012/11/22 15:05:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2012/11/22 14:53:35 | 000,011,323 | R--- | C] () -- C:\WINDOWS\System32\CTSBAMB.INI
    [2012/11/22 14:52:57 | 000,014,040 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
    [2012/11/22 14:52:57 | 000,005,288 | ---- | C] () -- C:\WINDOWS\xFi_MiddleLayerKey32.ini
    [2012/11/22 14:52:36 | 000,172,544 | ---- | C] () -- C:\WINDOWS\System32\AMBSPI.DLL
    [2012/11/22 14:50:34 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\user_data.ini
    [2012/11/22 14:40:52 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2012/11/22 14:40:15 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
    [2012/11/22 14:40:15 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
    [2012/11/22 14:39:09 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [2012/11/22 14:39:09 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
    [2012/11/22 14:39:08 | 000,963,144 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
    [2012/11/22 14:39:08 | 000,261,208 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
    [2012/11/22 14:39:08 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
    [2012/11/22 12:50:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2012/11/22 12:46:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    ========== ZeroAccess Check ==========

    [2012/11/25 20:52:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/10 00:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 4 bytes -> C:\Temp:rnd.dat
    @Alternate Data Stream - 4 bytes -> C:\Tempid2
    @Alternate Data Stream - 4 bytes -> C:\Tempid1
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:373E1720
    @Alternate Data Stream - 1123 bytes -> C:\Temp:list

    < End of report >

    OTL Extras logfile created on: 8/26/2014 10:27:32 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Xtrakt\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.22 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 79.68% Memory free
    5.06 Gb Paging File | 4.47 Gb Available in Paging File | 88.27% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 200.00 Gb Total Space | 117.49 Gb Free Space | 58.74% Space Free | Partition Type: NTFS
    Drive E: | 265.76 Gb Total Space | 122.55 Gb Free Space | 46.11% Space Free | Partition Type: NTFS

    Computer Name: LWRAKL-2112 | User Name: Xtrakt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-854245398-1275210071-725345543-1004\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "94:TCP" = 94:TCP:*:Enabled:VRS Recording System TCP/IP Port
    "4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Viber\Viber.exe" = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Viber\Viber.exe:*:Enabled:Viber -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
    "C:\Program Files\IAHGames\Counter-Strike Online\Bin\NMService.exe" = C:\Program Files\IAHGames\Counter-Strike Online\Bin\NMService.exe:*:Enabled:Nexon Messenger Core
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
    "C:\Program Files\tixati\tixati.exe" = C:\Program Files\tixati\tixati.exe:*:Enabled:Tixati -- (Tixati Software Inc.)
    "C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe" = C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe:*:Enabled:TwonkyMedia
    "C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe" = C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe:*:Enabled:TwonkyMediaServer
    "C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe" = C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe:*:Enabled:TwonkyMediaManager
    "C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Viber\Viber.exe" = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Viber\Viber.exe:*:Enabled:Viber -- ()
    "C:\Program Files\Bench\Proxy\proc.exe" = C:\Program Files\Bench\Proxy\proc.exe:*:Enabled:Proxy
    "C:\Program Files\Bench\Proxy\pwdg.exe" = C:\Program Files\Bench\Proxy\pwdg.exe:*:Enabled:Proxy
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
    "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe" = C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module -- (Intuwave Ltd.)
    "C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe" = C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe:*:Enabled:Update Engine -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0A37EE62-9A58-420D-90CC-4E52153112EE}" = iTunes
    "{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
    "{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson
    "{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
    "{152A537F-45E9-4B15-8847-2E3E5BE61859}" = Intel Trusted Connect Service Client
    "{15ed2117-5da1-4ca4-ae6b-c332d6eae862}" = Serato DJ 1.0
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Apple Application Support
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 65
    "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36235A3F-92C7-4F90-84E7-3697C59AD369}" = Sony ACID 4.0f
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F844BF4-CA63-4E1A-9374-FA7F95A72E65}" = Serato DJ 1.0
    "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.7
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}" = Apple Mobile Device Support
    "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}" = VirtualDJ 8
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
    "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
    "{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
    "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CA236E47-2B28-40F3-8DDB-45BE148AD986}" = TP-LINK TL-WN725N Driver
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}" = WinZip 17.5
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
    "{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EBED0919-4BD0-4718-BA7A-5D2B503F9BC6}_is1" = ZTE Handset USB Driver 5.2066.1.7
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.211
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
    "ASRock App Charger_is1" = ASRock App Charger v1.0.5
    "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.169
    "ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "EPSON Scan! II" = EPSON Scan! II
    "EPSON Scanner" = EPSON Scan
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileHippo.com" = FileHippo.com Update Checker
    "FileViewPro_is1" = FileViewPro
    "FileZilla Client" = FileZilla Client 3.7.1
    "FL Studio 11" = FL Studio 11
    "Free MP4 to VOB Converter" = Free MP4 to VOB Converter 2.0.1
    "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.1.9.822
    "Google Chrome" = Google Chrome
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "LG PC Suite IV" = LG PC Suite IV
    "M4a to MP3 Converter Free_is1" = M4a to MP3 Converter Free 3.6.1
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Mozilla Thunderbird 30.0 (x86 en-US)" = Mozilla Thunderbird 30.0 (x86 en-US)
    "mRouterRuntime" =
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "PhotoPad" = PhotoPad Image Editor
    "PokerStars" = PokerStars
    "Prism" = Prism Video File Converter
    "PSP Video 9" = PSP Video 9 6
    "ScreenshotCaptor_is1" = Screenshot Captor 3.05.01
    "Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
    "Sublime Text 2_is1" = Sublime Text 2.0.2
    "tixati" = Tixati
    "Update Engine" = Sony Mobile Update Engine
    "VideoPad" = VideoPad Video Editor
    "VLC media player" = VLC media player 2.0.4
    "WavePad" = WavePad Sound Editor
    "Waves Diamond Bundle v5.2" = Waves Diamond Bundle v5.2
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 5.00 beta 5 (32-bit)
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XFast LAN" = XFast LAN v6.61
    "XFastUSB" = XFastUSB

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-854245398-1275210071-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "soe-DC Universe Online" = DC Universe Online
    "SOE-DC Universe Online Live" = DC Universe Online Live
    "Viber" = Viber
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/24/2014 3:28:27 AM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EE7

    Error - 8/24/2014 3:28:27 AM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0xC004F00E .

    Error - 8/24/2014 3:57:01 AM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EFD

    Error - 8/24/2014 3:57:01 AM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0xC004F00E .

    Error - 8/25/2014 5:28:51 PM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EE7

    Error - 8/25/2014 5:28:51 PM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0xC004F00E .

    Error - 8/25/2014 6:01:53 PM | Computer Name = LWRAKL-2112 | Source = Application Error | ID = 1000
    Description = Faulting application mbam.exe, version 1.0.0.532, faulting module
    msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.

    Error - 8/25/2014 6:02:02 PM | Computer Name = LWRAKL-2112 | Source = Application Error | ID = 1001
    Description = Fault bucket 209587970.

    Error - 8/25/2014 6:23:58 PM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EE7

    Error - 8/25/2014 6:23:58 PM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0xC004F00E .

    [ System Events ]
    Error - 8/19/2014 6:40:24 AM | Computer Name = LWRAKL-2112 | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 8/19/2014 7:04:02 AM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/19/2014 7:04:02 AM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/20/2014 4:55:11 PM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/20/2014 4:55:11 PM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/20/2014 5:31:17 PM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/20/2014 5:31:17 PM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/21/2014 4:50:02 PM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/21/2014 4:50:02 PM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/24/2014 3:29:14 AM | Computer Name = LWRAKL-2112 | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.


    < End of report >

  4. #4
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    Malwarebytes won't even run. I'm prompted with a crash screen and go through the motions of reporting the error. Here are the OTL logs below.

    OTL logfile created on: 8/26/2014 10:27:32 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Xtrakt\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.22 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 79.68% Memory free
    5.06 Gb Paging File | 4.47 Gb Available in Paging File | 88.27% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 200.00 Gb Total Space | 117.49 Gb Free Space | 58.74% Space Free | Partition Type: NTFS
    Drive E: | 265.76 Gb Total Space | 122.55 Gb Free Space | 46.11% Space Free | Partition Type: NTFS

    Computer Name: LWRAKL-2112 | User Name: Xtrakt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/08/26 10:24:00 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
    PRC - [2014/08/26 09:56:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xtrakt\My Documents\Downloads\OTL.exe
    PRC - [2014/08/07 15:20:57 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2014/07/11 02:59:05 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2014/06/28 20:06:56 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    PRC - [2014/01/25 11:21:16 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2013/03/28 18:32:38 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    PRC - [2013/03/28 18:32:34 | 000,310,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2013/03/28 18:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
    PRC - [2012/11/22 14:52:57 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
    PRC - [2012/11/22 14:50:25 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files\XFastUSB\XFastUsb.exe
    PRC - [2012/07/12 06:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2012/04/20 13:11:32 | 000,462,048 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe
    PRC - [2011/10/19 15:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) -- C:\Program Files\ASRock\XFast LAN\spd.exe
    PRC - [2011/10/19 15:19:20 | 001,202,560 | R--- | M] (cFos Software GmbH) -- C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
    PRC - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe
    PRC - [2009/07/08 14:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
    PRC - [2009/02/23 15:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2000/01/01 12:00:00 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2000/01/01 12:00:00 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2000/01/01 12:00:00 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2000/01/01 12:00:00 | 000,088,696 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\KaraokeSer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/08/26 10:24:02 | 000,592,896 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0002\~de6248.tmp
    MOD - [2014/08/26 10:24:00 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0002\~df394b.tmp
    MOD - [2014/08/07 15:20:55 | 000,353,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll
    MOD - [2014/08/07 15:20:53 | 008,537,928 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
    MOD - [2014/08/07 15:20:46 | 001,732,936 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
    MOD - [2014/02/13 10:31:10 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
    MOD - [2014/02/13 10:31:02 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fd639d8d8def70deaf3b26cd073577f3\System.Runtime.Remoting.ni.dll
    MOD - [2014/02/13 10:30:31 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
    MOD - [2014/02/13 09:47:45 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
    MOD - [2014/02/13 09:46:31 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
    MOD - [2014/02/13 09:40:50 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
    MOD - [2014/02/13 09:40:03 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
    MOD - [2014/02/13 09:39:30 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
    MOD - [2014/02/13 09:39:06 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
    MOD - [2014/02/13 09:38:31 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
    MOD - [2014/01/20 12:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/01/20 12:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2013/03/28 18:27:48 | 017,433,088 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
    MOD - [2013/03/28 18:26:22 | 000,570,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
    MOD - [2013/03/28 18:26:14 | 000,035,840 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
    MOD - [2013/03/20 17:29:20 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
    MOD - [2013/03/20 17:06:28 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
    MOD - [2000/01/01 12:00:00 | 001,198,912 | ---- | M] () -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2014/08/21 10:47:14 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/07/11 02:59:05 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
    SRV - [2012/11/22 14:53:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2012/11/22 14:52:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
    SRV - [2012/07/12 06:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/10/19 15:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
    SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
    SRV - [2009/02/23 15:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2000/01/01 12:00:00 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2000/01/01 12:00:00 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2000/01/01 12:00:00 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2000/01/01 12:00:00 | 000,088,696 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\WINDOWS\system32\KaraokeSer.exe -- (KaraokeService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2014/08/09 08:41:09 | 000,029,760 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
    DRV - [2014/07/29 10:30:13 | 000,026,328 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsomc.sys -- (ggsomc)
    DRV - [2014/07/29 10:30:13 | 000,013,528 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
    DRV - [2014/05/26 11:15:22 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
    DRV - [2013/08/25 09:30:48 | 000,013,120 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2013/06/21 12:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd)
    DRV - [2013/06/21 12:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudobex.sys -- (ssudobex)
    DRV - [2013/06/21 12:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
    DRV - [2013/06/21 12:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV - [2013/06/21 12:07:38 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
    DRV - [2013/06/21 12:07:38 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus)
    DRV - [2013/06/21 12:07:38 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
    DRV - [2013/03/20 17:02:16 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - [2012/11/22 14:50:25 | 000,014,656 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
    DRV - [2012/03/14 08:04:18 | 001,076,968 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
    DRV - [2012/03/02 09:02:00 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandadb.sys -- (androidusb)
    DRV - [2012/03/02 09:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem)
    DRV - [2012/03/02 09:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag)
    DRV - [2012/03/02 09:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps)
    DRV - [2012/03/02 09:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus)
    DRV - [2011/08/17 08:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2011/07/23 04:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/13 09:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/07/04 14:18:58 | 001,156,992 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed)
    DRV - [2011/05/10 15:28:20 | 000,015,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
    DRV - [2010/10/20 15:09:28 | 000,009,216 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
    DRV - [2010/10/18 13:12:56 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsmdm.sys -- (zghsmdm)
    DRV - [2010/10/18 13:12:32 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsdiag.sys -- (zghsdiag)
    DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
    DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
    DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
    DRV - [2008/01/15 10:44:08 | 000,063,360 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\zebrceb.sys -- (zebrceb)
    DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2000/01/01 12:00:00 | 002,558,200 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2000/01/01 12:00:00 | 001,656,960 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (AMBFilt)
    DRV - [2000/01/01 12:00:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (MonFilt)
    DRV - [2000/01/01 12:00:00 | 000,415,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2000/01/01 12:00:00 | 000,270,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
    DRV - [2000/01/01 12:00:00 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" =


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\SearchScopes\{27EA813F-CE09-471A-80EF-DE7EDB1C4A2E}: "URL" = http://www.mysearchresults.com/search?c=0000&t=01&q={searchTerms}
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\SearchScopes\{2A6B0296-DCC6-4281-BF19-7CF87D2CE5BB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282722&CUI=UN14802986883161318&UM=2&SSPV=TB_C5
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\SearchScopes\{5EC4BD7B-272F-44D4-BFFF-58057313333F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_130.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 30.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/07/16 23:27:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 30.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2012/12/05 15:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Extensions
    [2014/07/05 22:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Firefox\Profiles\extensions
    [2012/12/14 08:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Firefox\Profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi

    ========== Chrome ==========

    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
    CHR - Extension: Google Wallet = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

    O1 HOSTS File: ([2014/07/05 22:31:41 | 000,000,782 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 54.225.95.126 fjnoekdlmmjagmmlchagfonjgbioomoo
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O4 - HKLM..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1 File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [PC Suite for Smartphones] C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe ()
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
    O4 - HKLM..\Run: [XFastUSB] C:\Program Files\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
    O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
    O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1 File not found
    O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [ASRockXTU] File not found
    O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
    O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-854245398-1275210071-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/w...?1353839826781 (WUWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1E23DEE-5F9B-4927-96C7-F806D00524F6}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/11/22 12:49:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2014/03/29 03:53:57 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
    O33 - MountPoints2\{c2461707-3450-11e2-9c62-bc5ff4448839}\Shell - "" = AutoRun
    O33 - MountPoints2\{c2461707-3450-11e2-9c62-bc5ff4448839}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c2461707-3450-11e2-9c62-bc5ff4448839}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/08/26 09:51:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Xtrakt\Recent
    [2014/08/22 11:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xtrakt\Desktop\193
    [2014/08/21 10:47:12 | 017,903,280 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2014/08/19 23:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/08/19 23:06:58 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/08/19 23:06:58 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/08/19 23:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/07/29 10:30:13 | 000,026,328 | ---- | C] (Sony Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsomc.sys
    [2014/07/29 10:30:13 | 000,013,528 | ---- | C] (Sony Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
    [2014/07/29 10:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Mobile
    [2014/07/29 10:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Mobile
    [2014/07/29 10:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\CrashDump
    [2014/07/29 09:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xtrakt\Application Data\Teleca
    [2014/07/29 09:42:01 | 000,063,360 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\zebrceb.sys
    [2014/07/29 09:42:01 | 000,012,160 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\zebrwhnt.sys
    [2014/07/29 09:42:01 | 000,012,160 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\zebrwh.sys
    [2014/07/29 09:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Sony Ericsson
    [2014/07/29 09:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xtrakt\Application Data\Sony Ericsson
    [2014/07/29 09:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Intuwave
    [2014/07/29 09:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Symbian
    [2014/07/29 09:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony Ericsson
    [2014/07/29 09:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Ericsson Shared
    [2014/07/29 09:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    [2014/07/29 09:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Teleca Shared
    [2014/07/29 09:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Teleca
    [2014/07/29 09:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
    [2014/07/29 09:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
    [2014/07/29 09:40:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
    [2014/07/29 09:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony
    [2014/07/29 09:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2014/07/29 09:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
    [1 C:\Documents and Settings\Xtrakt\My Documents\*.tmp files -> C:\Documents and Settings\Xtrakt\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/08/26 10:23:58 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
    [2014/08/26 10:23:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/08/26 10:23:55 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
    [2014/08/26 10:23:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/08/26 10:11:50 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/08/26 09:47:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/08/26 09:28:25 | 000,013,742 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/08/24 20:08:46 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/08/24 19:57:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
    [2014/08/22 10:16:29 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\PhotoPadReminder.job
    [2014/08/22 10:16:28 | 000,245,655 | ---- | M] () -- C:\Documents and Settings\Xtrakt\Desktop\RapNomination.png
    [2014/08/21 10:47:14 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2014/08/21 10:47:14 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2014/08/21 10:47:12 | 017,903,280 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2014/08/19 23:07:06 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/08/15 18:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2014/08/09 08:41:09 | 000,029,760 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETTBOH_305.SYS
    [2014/08/08 15:00:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
    [2014/07/29 10:32:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsomc_01009.Wdf
    [2014/07/29 10:32:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01009.Wdf
    [2014/07/29 10:30:13 | 000,026,328 | ---- | M] (Sony Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsomc.sys
    [2014/07/29 10:30:13 | 000,013,528 | ---- | M] (Sony Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
    [2014/07/29 09:35:55 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
    [1 C:\Documents and Settings\Xtrakt\My Documents\*.tmp files -> C:\Documents and Settings\Xtrakt\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/08/22 10:12:50 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\PhotoPadReminder.job
    [2014/08/22 09:28:23 | 000,245,655 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Desktop\RapNomination.png
    [2014/08/19 23:07:06 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/07/29 10:32:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsomc_01009.Wdf
    [2014/07/29 10:32:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01009.Wdf
    [2014/07/29 09:41:34 | 000,000,288 | ---- | C] () -- C:\WINDOWS\mrinstu.iss
    [2014/07/29 09:35:55 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
    [2014/03/28 17:59:49 | 000,013,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2013/11/24 08:07:57 | 000,458,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-854245398-1275210071-725345543-1004-0.dat
    [2013/11/03 21:44:34 | 000,179,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/10/14 15:57:08 | 000,678,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/09/04 15:53:29 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2013/09/04 15:53:29 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2013/09/04 15:53:29 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2013/09/04 15:53:29 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2013/09/04 15:53:29 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2013/09/04 15:53:29 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2013/09/04 15:53:29 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2013/09/04 15:53:29 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2013/09/04 15:53:29 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2013/09/04 15:53:29 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2013/09/04 15:53:29 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2013/09/04 15:53:29 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2013/09/04 15:53:29 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2013/09/04 15:53:29 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2013/09/04 15:53:29 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2013/09/04 15:53:29 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2013/09/04 15:53:29 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2013/09/04 15:53:29 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2013/09/04 15:53:29 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2013/09/04 15:36:40 | 000,002,148 | ---- | C] () -- C:\WINDOWS\Estwn322.ini
    [2013/09/04 15:36:40 | 000,002,142 | ---- | C] () -- C:\WINDOWS\Estwain2.ini
    [2013/09/01 10:12:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Epscan2.INI
    [2013/08/19 14:17:22 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2013/08/19 14:17:22 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2013/08/14 11:03:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2013/08/14 11:03:01 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2013/08/12 22:48:39 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/08/06 13:58:54 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/04/17 20:02:22 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv6
    [2013/03/20 17:02:22 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
    [2013/03/20 17:02:20 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2013/03/20 17:02:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2013/03/20 17:02:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2013/03/20 17:02:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    [2013/01/30 13:37:42 | 000,111,664 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\VideoPad.dmp
    [2012/12/11 14:07:26 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
    [2012/12/02 21:45:08 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/11/30 11:28:49 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2012/11/26 09:09:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/11/23 01:39:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2012/11/23 01:38:59 | 000,158,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/11/22 20:07:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Application Data\$_hpcst$.hpc
    [2012/11/22 19:59:48 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
    [2012/11/22 15:05:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2012/11/22 14:53:35 | 000,011,323 | R--- | C] () -- C:\WINDOWS\System32\CTSBAMB.INI
    [2012/11/22 14:52:57 | 000,014,040 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
    [2012/11/22 14:52:57 | 000,005,288 | ---- | C] () -- C:\WINDOWS\xFi_MiddleLayerKey32.ini
    [2012/11/22 14:52:36 | 000,172,544 | ---- | C] () -- C:\WINDOWS\System32\AMBSPI.DLL
    [2012/11/22 14:50:34 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\Xtrakt\Local Settings\Application Data\user_data.ini
    [2012/11/22 14:40:52 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2012/11/22 14:40:15 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
    [2012/11/22 14:40:15 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
    [2012/11/22 14:39:09 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [2012/11/22 14:39:09 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
    [2012/11/22 14:39:08 | 000,963,144 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
    [2012/11/22 14:39:08 | 000,261,208 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
    [2012/11/22 14:39:08 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
    [2012/11/22 12:50:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2012/11/22 12:46:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    ========== ZeroAccess Check ==========

    [2012/11/25 20:52:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/10 00:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 4 bytes -> C:\Temp:rnd.dat
    @Alternate Data Stream - 4 bytes -> C:\Tempid2
    @Alternate Data Stream - 4 bytes -> C:\Tempid1
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:373E1720
    @Alternate Data Stream - 1123 bytes -> C:\Temp:list

    < End of report >

    OTL Extras logfile created on: 8/26/2014 10:27:32 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Xtrakt\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.22 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 79.68% Memory free
    5.06 Gb Paging File | 4.47 Gb Available in Paging File | 88.27% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 200.00 Gb Total Space | 117.49 Gb Free Space | 58.74% Space Free | Partition Type: NTFS
    Drive E: | 265.76 Gb Total Space | 122.55 Gb Free Space | 46.11% Space Free | Partition Type: NTFS

    Computer Name: LWRAKL-2112 | User Name: Xtrakt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-854245398-1275210071-725345543-1004\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "94:TCP" = 94:TCP:*:Enabled:VRS Recording System TCP/IP Port
    "4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Viber\Viber.exe" = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Viber\Viber.exe:*:Enabled:Viber -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
    "C:\Program Files\IAHGames\Counter-Strike Online\Bin\NMService.exe" = C:\Program Files\IAHGames\Counter-Strike Online\Bin\NMService.exe:*:Enabled:Nexon Messenger Core
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
    "C:\Program Files\tixati\tixati.exe" = C:\Program Files\tixati\tixati.exe:*:Enabled:Tixati -- (Tixati Software Inc.)
    "C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe" = C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe:*:Enabled:TwonkyMedia
    "C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe" = C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe:*:Enabled:TwonkyMediaServer
    "C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe" = C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe:*:Enabled:TwonkyMediaManager
    "C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Viber\Viber.exe" = C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Viber\Viber.exe:*:Enabled:Viber -- ()
    "C:\Program Files\Bench\Proxy\proc.exe" = C:\Program Files\Bench\Proxy\proc.exe:*:Enabled:Proxy
    "C:\Program Files\Bench\Proxy\pwdg.exe" = C:\Program Files\Bench\Proxy\pwdg.exe:*:Enabled:Proxy
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
    "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe" = C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module -- (Intuwave Ltd.)
    "C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe" = C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe:*:Enabled:Update Engine -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0A37EE62-9A58-420D-90CC-4E52153112EE}" = iTunes
    "{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
    "{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson
    "{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
    "{152A537F-45E9-4B15-8847-2E3E5BE61859}" = Intel Trusted Connect Service Client
    "{15ed2117-5da1-4ca4-ae6b-c332d6eae862}" = Serato DJ 1.0
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Apple Application Support
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 65
    "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36235A3F-92C7-4F90-84E7-3697C59AD369}" = Sony ACID 4.0f
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F844BF4-CA63-4E1A-9374-FA7F95A72E65}" = Serato DJ 1.0
    "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.7
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}" = Apple Mobile Device Support
    "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}" = VirtualDJ 8
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
    "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
    "{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
    "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CA236E47-2B28-40F3-8DDB-45BE148AD986}" = TP-LINK TL-WN725N Driver
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}" = WinZip 17.5
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
    "{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EBED0919-4BD0-4718-BA7A-5D2B503F9BC6}_is1" = ZTE Handset USB Driver 5.2066.1.7
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.211
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
    "ASRock App Charger_is1" = ASRock App Charger v1.0.5
    "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.169
    "ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "EPSON Scan! II" = EPSON Scan! II
    "EPSON Scanner" = EPSON Scan
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileHippo.com" = FileHippo.com Update Checker
    "FileViewPro_is1" = FileViewPro
    "FileZilla Client" = FileZilla Client 3.7.1
    "FL Studio 11" = FL Studio 11
    "Free MP4 to VOB Converter" = Free MP4 to VOB Converter 2.0.1
    "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.1.9.822
    "Google Chrome" = Google Chrome
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "LG PC Suite IV" = LG PC Suite IV
    "M4a to MP3 Converter Free_is1" = M4a to MP3 Converter Free 3.6.1
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Mozilla Thunderbird 30.0 (x86 en-US)" = Mozilla Thunderbird 30.0 (x86 en-US)
    "mRouterRuntime" =
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "PhotoPad" = PhotoPad Image Editor
    "PokerStars" = PokerStars
    "Prism" = Prism Video File Converter
    "PSP Video 9" = PSP Video 9 6
    "ScreenshotCaptor_is1" = Screenshot Captor 3.05.01
    "Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
    "Sublime Text 2_is1" = Sublime Text 2.0.2
    "tixati" = Tixati
    "Update Engine" = Sony Mobile Update Engine
    "VideoPad" = VideoPad Video Editor
    "VLC media player" = VLC media player 2.0.4
    "WavePad" = WavePad Sound Editor
    "Waves Diamond Bundle v5.2" = Waves Diamond Bundle v5.2
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 5.00 beta 5 (32-bit)
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XFast LAN" = XFast LAN v6.61
    "XFastUSB" = XFastUSB

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-854245398-1275210071-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "soe-DC Universe Online" = DC Universe Online
    "SOE-DC Universe Online Live" = DC Universe Online Live
    "Viber" = Viber
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/24/2014 3:28:27 AM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EE7

    Error - 8/24/2014 3:28:27 AM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0xC004F00E .

    Error - 8/24/2014 3:57:01 AM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EFD

    Error - 8/24/2014 3:57:01 AM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0xC004F00E .

    Error - 8/25/2014 5:28:51 PM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EE7

    Error - 8/25/2014 5:28:51 PM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0xC004F00E .

    Error - 8/25/2014 6:01:53 PM | Computer Name = LWRAKL-2112 | Source = Application Error | ID = 1000
    Description = Faulting application mbam.exe, version 1.0.0.532, faulting module
    msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.

    Error - 8/25/2014 6:02:02 PM | Computer Name = LWRAKL-2112 | Source = Application Error | ID = 1001
    Description = Fault bucket 209587970.

    Error - 8/25/2014 6:23:58 PM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EE7

    Error - 8/25/2014 6:23:58 PM | Computer Name = LWRAKL-2112 | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0xC004F00E .

    [ System Events ]
    Error - 8/19/2014 6:40:24 AM | Computer Name = LWRAKL-2112 | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 8/19/2014 7:04:02 AM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/19/2014 7:04:02 AM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/20/2014 4:55:11 PM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/20/2014 4:55:11 PM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/20/2014 5:31:17 PM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/20/2014 5:31:17 PM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/21/2014 4:50:02 PM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/21/2014 4:50:02 PM | Computer Name = LWRAKL-2112 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 8/24/2014 3:29:14 AM | Computer Name = LWRAKL-2112 | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.


    < End of report >

  5. #5
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Hello,

    Run the Malwarebytes clean tool found Here. Don't reinstall yet.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the Report button and the report will open in Notepad.
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner



    Post the adwCleaner log

  6. #6
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    # AdwCleaner v3.308 - Report created 26/08/2014 at 11:17:19
    # Updated 20/08/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Xtrakt - LWRAKL-2112
    # Running from : C:\Documents and Settings\Xtrakt\My Documents\Downloads\adwcleaner_3.308.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Firefox\Profiles\extensions\user.js
    File Found : C:\Documents and Settings\Xtrakt\daemonprocess.txt
    File Found : C:\END
    File Found : C:\WINDOWS\system32\roboot.exe
    Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\torch
    Folder Found : C:\Documents and Settings\All Users\Application Data\NCH Software
    Folder Found : C:\Documents and Settings\All Users\Application Data\Rightapp software
    Folder Found : C:\Documents and Settings\All Users\Application Data\SNT
    Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\FlvPlayer
    Folder Found : C:\Documents and Settings\All Users\Uniblue
    Folder Found : C:\Documents and Settings\All Users\Uniblue\DriverScanner
    Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\torch
    Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\torch
    Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\torch
    Folder Found : C:\Documents and Settings\Xtrakt\Application Data\GrabPro
    Folder Found : C:\Documents and Settings\Xtrakt\Application Data\NCH Software
    Folder Found : C:\Documents and Settings\Xtrakt\Application Data\Systweak
    Folder Found : C:\Documents and Settings\Xtrakt\Local Settings\Application Data\genienext
    Folder Found : C:\Documents and Settings\Xtrakt\Local Settings\Application Data\torch
    Folder Found : C:\Program Files\Bench
    Folder Found : C:\Program Files\NCH Software

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
    Key Found : HKCU\Software\OCS
    Key Found : HKCU\Software\RegisteredApplicationsEx
    Key Found : HKCU\Software\systweak
    Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Found : HKLM\SOFTWARE\AdvertisingSupport
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
    Key Found : HKLM\SOFTWARE\Classes\net
    Key Found : HKLM\SOFTWARE\Classes\net.5.14
    Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
    Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
    Key Found : HKLM\SOFTWARE\Classes\speedupmypc
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\FlvPlayer
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FindRight
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sl-dlc
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\System Speedup_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Found : HKLM\SOFTWARE\systweak
    Key Found : HKLM\SOFTWARE\Uniblue
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
    Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Bench\Proxy\proc.exe]
    Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Bench\Proxy\pwdg.exe]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v

    [ File : C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Firefox\Profiles\extensions\prefs.js ]


    -\\ Google Chrome v36.0.1985.143

    [ File : C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R2].txt - [11451 octets] - [26/08/2014 11:17:19]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [11512 octets] ##########

  7. #7
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    OK.

    That's the scan option in AdwCleaner; run the clean option so the malware gets deleted.

    Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.



    Next


    We need to do a fix to delete some files using OTL.

    • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :COMMANDS
      [CREATERESTOREPOINT]
      
      :OTL
      IE - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\SearchScopes\{2A6B0296-DCC6-4281-BF19-7CF87D2CE5BB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282722&CUI=UN14802986883161318&UM=2&SSPV=TB_C5
      O1 - Hosts: 54.225.95.126 fjnoekdlmmjagmmlchagfonjgbioomoo
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKU\S-1-5-21-854245398-1275210071-725345543-1004\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
      O4 - HKLM..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1 File not found
      O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
      O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1 File not found
      O4 - HKU\S-1-5-21-854245398-1275210071-725345543-1004..\Run: [ASRockXTU] File not found
      O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
      O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
      @Alternate Data Stream - 4 bytes -> C:\Temp:rnd.dat
      @Alternate Data Stream - 4 bytes -> C:\Temp:id2
      @Alternate Data Stream - 4 bytes -> C:\Temp:id1
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:373E1720
      @Alternate Data Stream - 1123 bytes -> C:\Temp:list
      
      :Files
      
      ipconfig /flushdns /c
      
      :Commands
      
      [emptytemp]
      [resethosts]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.


    In your next reply post the:

    1 - JRT.txt
    2 - OTL Fix log
    3 - New OTL after quick scan

    Thanks
    Joe

  8. #8
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    Whoops, apologies, here is the AdwCleaner fix scan below.

    # AdwCleaner v3.308 - Report created 26/08/2014 at 23:50:40
    # Updated 20/08/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Xtrakt - LWRAKL-2112
    # Running from : C:\Documents and Settings\Xtrakt\My Documents\Downloads\adwcleaner_3.308.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Rightapp software
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\SNT
    Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\FlvPlayer
    Folder Deleted : C:\Program Files\Bench
    Folder Deleted : C:\Program Files\NCH Software
    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\torch
    Folder Deleted : C:\Documents and Settings\All Users\Uniblue
    Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\torch
    Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\torch
    Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\torch
    Folder Deleted : C:\Documents and Settings\Xtrakt\Local Settings\Application Data\genienext
    Folder Deleted : C:\Documents and Settings\Xtrakt\Local Settings\Application Data\torch
    Folder Deleted : C:\Documents and Settings\Xtrakt\Application Data\GrabPro
    Folder Deleted : C:\Documents and Settings\Xtrakt\Application Data\NCH Software
    Folder Deleted : C:\Documents and Settings\Xtrakt\Application Data\Systweak
    [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbpboigiecfpoebniaeimflphbbfgpmd
    [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    [!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpololhhlleclioneggljnojmjlojehh
    File Deleted : C:\END
    File Deleted : C:\WINDOWS\system32\roboot.exe
    File Deleted : C:\Documents and Settings\Xtrakt\daemonprocess.txt
    File Deleted : C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Firefox\Profiles\extensions\user.js

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\net
    Key Deleted : HKLM\SOFTWARE\Classes\net.5.14
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Bench\Proxy\proc.exe]
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Bench\Proxy\pwdg.exe]
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\OCS
    Key Deleted : HKCU\Software\RegisteredApplicationsEx
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\FlvPlayer
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Uniblue
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FindRight
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sl-dlc
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\System Speedup_is1

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v

    [ File : C:\Documents and Settings\Xtrakt\Application Data\Mozilla\Firefox\Profiles\extensions\prefs.js ]


    -\\ Google Chrome v36.0.1985.143

    [ File : C:\Documents and Settings\Xtrakt\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R2].txt - [11593 octets] - [26/08/2014 11:17:19]
    AdwCleaner[R3].txt - [11654 octets] - [26/08/2014 23:50:05]
    AdwCleaner[S1].txt - [11820 octets] - [26/08/2014 23:50:40]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [11881 octets] ##########

  9. #9
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Xtrakt on Tue 08/26/2014 at 23:55:51.25
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-854245398-1275210071-725345543-1004\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{27EA813F-CE09-471A-80EF-DE7EDB1C4A2E}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2A6B0296-DCC6-4281-BF19-7CF87D2CE5BB}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\Xtrakt\Application Data\red kawa"
    Successfully deleted: [Folder] "C:\Program Files\myfree codec"
    Successfully deleted: [Folder] "C:\Program Files\red kawa"





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 08/26/2014 at 23:57:57.85
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  10. #10
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Registry key HKEY_USERS\S-1-5-21-854245398-1275210071-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{2A6B0296-DCC6-4281-BF19-7CF87D2CE5BB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A6B0296-DCC6-4281-BF19-7CF87D2CE5BB}\ not found.
    54.225.95.126 fjnoekdlmmjagmmlchagfonjgbioomoo removed from HOSTS file successfully
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-854245398-1275210071-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-21-854245398-1275210071-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-854245398-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-854245398-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    ADS C:\Temp:rnd.dat deleted successfully.
    Unable to delete ADS C:\Temp:id2 .
    Unable to delete ADS C:\Temp:id1 .
    ADS C:\Documents and Settings\All Users\Application Data\Temp:373E1720 deleted successfully.
    ADS C:\Temp:list deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Xtrakt\My Documents\Downloads\cmd.bat deleted successfully.
    C:\Documents and Settings\Xtrakt\My Documents\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest

    User: HelpAssistant

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33186 bytes

    User: NetworkService
    ->Temp folder emptied: 2530251 bytes
    ->Temporary Internet Files folder emptied: 102971445 bytes

    User: SUPPORT_388945a0

    User: Xtrakt
    ->Temp folder emptied: 4216337 bytes
    ->Temporary Internet Files folder emptied: 6210662 bytes
    ->Google Chrome cache emptied: 136232833 bytes
    ->Flash cache emptied: 609 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 32768 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 171512718 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 404.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 08272014_000011

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Xtrakt\Local Settings\Temp\WCESLog.log moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
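
One way to triage an OTL fix log like the one posted above, as an added example that is not part of the thread or of OTL itself: it sorts each line into done, not found, or failed, and lists the failures (here the two alternate data streams on C:\Temp) for follow-up. The sample lines are shortened from the log above; the function names are illustrative, and the line patterns are inferred from this one log, not from any OTL specification.

```python
import re
from collections import Counter

# Sample lines shortened from the OTL fix log posted in this thread.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
ADS C:\Temp:rnd.dat deleted successfully.
Unable to delete ADS C:\Temp:id2 .
Unable to delete ADS C:\Temp:id1 .
ADS C:\Temp:list deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
========== COMMANDS ==========
HOSTS file reset successfully
"""

# Patterns inferred from the log above (assumption: other OTL versions may word lines differently).
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
FAILED = re.compile(r"^Unable to \w+ (?P<target>.+?)\s*\.?$", re.I)
NOT_FOUND = re.compile(r"^(?P<target>.+?)\s+not found\.?$", re.I)
DONE = re.compile(r"\bsuccessfully\b", re.I)


def split_ads(target):
    """Split 'ADS <host path>:<stream>' into host and stream name."""
    if not target.startswith("ADS "):
        return {}
    path = target[4:].strip()
    host, _, stream = path.rpartition(":")
    if len(host) <= 1:  # the only colon is the drive letter: no stream named
        return {"host": path, "stream": None}
    return {"host": host, "stream": stream}


def classify(line):
    """Return (outcome, target). Failure wording is checked first so an
    'Unable to ...' line can never be counted as a success."""
    m = FAILED.match(line)
    if m:
        return "failed", m.group("target")
    m = NOT_FOUND.match(line)
    if m:
        # Already absent, e.g. removed by a tool that ran earlier.
        return "not_found", m.group("target")
    if DONE.search(line):
        return "done", line
    return "info", line


def triage(log_text):
    """Count outcomes and collect failed items with their log section."""
    section = "(preamble)"
    counts = Counter()
    follow_up = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        outcome, target = classify(line)
        counts[outcome] += 1
        if outcome == "failed":
            follow_up.append({"section": section, "target": target, **split_ads(target)})
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = triage(SAMPLE_LOG)
    print(dict(counts))
    for item in follow_up:
        print("needs follow-up:", item)
```

Items reported as failed are the ones to re-check in the next scan log; "not found" entries were already gone when the fix ran.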
