Twunk_32.exe removal assistance.

Post by kngpin90 » January 14th, 2014, 5:46 am

I have somehow acquired this malware via uTorrent (which has since been removed) and am having trouble getting rid of it via the Windows Security Center software. The most annoying symptom of this malware is that when I play a game online, major lag spikes and rapid FPS dropping occur. Another symptom is that upon opening the Task Manager, under the Process tab, all of them have "*32" attached to them, i.e. Chrome.exe *32, iTunesHelper.exe *32.

Any assistance with this matter would be greatly appreciated.

--Kngpin90

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2013 8:07:16 PM
System Uptime: 1/13/2014 6:33:46 PM (10 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5KC
Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz | LGA775 | 2997/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 411.368 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 232.789 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&20D7719E&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&20D7719E&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP24: 1/8/2014 6:00:20 PM - Windows Update
RP25: 1/12/2014 1:44:08 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
DisplayFusion 5.1.1
GeForce Experience NvStream Client Components
Google Chrome
Google Update Helper
iTunes
League of Legends
LOLReplay
Microsoft .NET Framework 4.5.1
Microsoft Office Professional Plus 2013 - en-us
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
NVIDIA 3D Vision Controller Driver 331.82
NVIDIA 3D Vision Driver 331.82
NVIDIA Control Panel 331.82
NVIDIA GeForce Experience 1.8.1
NVIDIA Graphics Driver 331.82
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 10.11.15
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.11.15
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Razer Synapse 2.0
SHIELD Streaming
Skype™ 6.11
Steam
VC80CRTRedist - 8.0.50727.6195
War for the Overworld Bedrock Beta
.
==== Event Viewer Messages From Past Week ========
.
1/9/2014 6:36:21 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252.
1/12/2014 1:49:53 PM, Error: AtcL001 [194] -
.
==== End Of File ===========================


DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Papa at 4:41:46 on 2014-01-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4092 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.196\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.66\deploy\LolClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\twunk_32.exe
C:\Windows\twunk_32.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Itbhsoft] regsvr32.exe C:\Users\Papa\AppData\Local\Itbhsoft\nvHelper24.dll
uRunOnce: [{8FA5C9B0-F2BE-C0B0-E656-894187F97F7A}] C:\Users\Papa\AppData\Local\Temp\qrgjiwwg.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
StartupFolder: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HpM3Util.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/s ... wflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{15DA2BC4-9E8C-4D4C-86F1-A5AF5BE7EDDC} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-12-28 1375600]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-7 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-26 15129376]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-12-26 1907896]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-10-13 61440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-7 39200]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-11-15 39080]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-15 149160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-26 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-11-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-26 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-26 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-25 1255736]
.
=============== Created Last 30 ================
.
2014-01-14 08:22:57 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6689410-3B32-4095-B4AA-7D1B2A10011D}\offreg.dll
2014-01-13 23:44:55 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6689410-3B32-4095-B4AA-7D1B2A10011D}\mpengine.dll
2014-01-13 11:43:41 -------- d-----w- C:\Users\Papa\AppData\Local\Itbhsoft
2014-01-13 11:43:36 94232 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp5064.exe
2014-01-13 01:38:51 315392 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp9B4C.exe
2014-01-12 06:44:32 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-09 01:31:54 376832 ----a-w- C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HpM3Util.exe
2014-01-09 01:31:43 2179584 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll
2014-01-09 00:25:03 -------- d-----w- C:\Users\Papa\AppData\Local\pyGraboid
2014-01-09 00:23:53 -------- d-----w- C:\Users\Papa\AppData\Roaming\Graboid Inc
2014-01-09 00:15:16 -------- d-----w- C:\Users\Papa\AppData\Roaming\NVIDIA
2014-01-09 00:03:26 -------- d-----w- C:\Program Files\DivX
2014-01-09 00:03:17 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2014-01-09 00:01:35 -------- d-----w- C:\ProgramData\DivX
2014-01-07 20:49:48 -------- d-----w- C:\Users\Papa\AppData\Local\NVIDIA Corporation
2014-01-07 20:47:28 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-01-07 20:47:28 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-01-06 02:07:22 -------- d-----w- C:\Users\Papa\AppData\Roaming\uTorrent
2014-01-02 08:11:16 -------- d-----w- C:\Program Files (x86)\LOLReplay
2013-12-30 19:18:59 238088 ----a-w- C:\Windows\SysWow64\xactengine3_1.dll
2013-12-30 19:15:16 -------- d-----w- C:\ProgramData\Package Cache
2013-12-29 04:05:25 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-12-29 04:05:23 -------- d-----w- C:\Program Files (x86)\Steam
2013-12-29 03:12:48 -------- d-----w- C:\Users\Papa\AppData\Local\Razer
2013-12-29 03:08:55 -------- d-----w- C:\Users\Papa\AppData\Local\Apple Computer
2013-12-29 03:08:40 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-12-29 03:07:18 -------- d-----w- C:\Program Files\iPod
2013-12-29 03:07:17 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-29 03:07:17 -------- d-----w- C:\Program Files\iTunes
2013-12-29 03:07:17 -------- d-----w- C:\Program Files (x86)\iTunes
2013-12-29 03:06:43 -------- d-----w- C:\Users\Papa\AppData\Local\Apple
2013-12-29 03:06:22 -------- d-----w- C:\Program Files\Bonjour
2013-12-29 03:06:22 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-12-29 01:45:09 -------- d-sh--w- C:\Users\Papa\AppData\Roaming\Common
2013-12-29 01:45:06 -------- d-----w- C:\Users\Papa\AppData\Roaming\DisplayFusion
2013-12-29 01:44:46 -------- d-----w- C:\ProgramData\Binary Fortress Software
2013-12-29 01:44:37 -------- d-----w- C:\Program Files (x86)\DisplayFusion
2013-12-29 01:44:12 -------- d-----w- C:\Users\Papa\AppData\Local\Programs
2013-12-27 07:48:48 -------- d-----w- C:\Users\Papa\AppData\Roaming\LolClient
2013-12-27 07:48:07 -------- d-----w- C:\Users\Papa\AppData\Local\Diagnostics
2013-12-27 01:54:05 -------- d-----r- C:\Program Files (x86)\Skype
2013-12-27 01:50:24 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2013-12-27 01:50:24 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2013-12-27 01:50:24 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2013-12-27 01:50:24 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2013-12-27 01:50:23 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2013-12-27 01:49:07 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-12-27 01:49:04 -------- d-----w- C:\Riot Games
2013-12-27 01:45:35 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-12-27 01:45:06 -------- d-----w- C:\Users\Papa\AppData\Roaming\Riot Games
2013-12-27 01:42:46 -------- d-----w- C:\Users\Papa\AppData\Local\Google
2013-12-27 01:42:29 -------- d-----w- C:\Users\Papa\AppData\Local\Apps
2013-12-27 01:42:28 -------- d-----w- C:\Users\Papa\AppData\Local\Deployment
2013-12-26 23:19:01 814800 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-12-26 23:17:37 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2013-12-26 23:13:27 -------- d-----w- C:\Program Files\Microsoft Office 15
2013-12-26 22:31:26 2871808 ----a-w- C:\Windows\explorer.exe
2013-12-26 22:31:26 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-12-26 22:31:26 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-12-26 22:31:25 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-26 22:31:25 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-26 22:31:25 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-12-26 22:31:23 67072 ----a-w- C:\Windows\splwow64.exe
2013-12-26 22:31:23 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-12-26 22:16:50 -------- d-----w- C:\Windows\Migration
2013-12-26 22:14:14 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-12-26 22:14:14 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-12-26 22:14:14 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-12-26 22:14:13 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-12-26 22:14:13 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-12-26 22:14:13 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-12-26 22:14:13 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-12-26 19:37:59 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-26 19:37:59 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-26 19:37:59 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-26 19:37:58 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-26 19:14:50 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-12-26 19:03:14 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-12-26 18:58:23 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-12-26 18:58:23 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-12-26 18:29:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-12-26 18:28:56 41472 ----a-w- C:\Windows\System32\lpk.dll
2013-12-26 18:27:59 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-12-26 18:26:56 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-12-26 18:22:19 -------- d-----w- C:\Users\Papa\AppData\Local\NVIDIA
2013-12-26 18:20:01 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-26 18:20:00 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-26 18:11:34 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-12-26 18:11:34 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-12-26 18:11:34 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-12-26 18:11:34 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-12-26 18:11:34 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-12-26 18:09:23 -------- d-----w- C:\NVIDIA
2013-12-26 17:41:13 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-12-26 17:40:50 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-12-26 17:40:50 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-12-26 17:40:50 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-12-26 17:40:50 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-12-26 17:40:50 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-12-26 17:40:50 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-12-26 17:40:15 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-12-26 17:40:15 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-12-26 17:39:55 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-12-26 17:39:49 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-12-26 17:33:42 -------- d-----w- C:\Windows\System32\SPReview
2013-12-26 17:33:30 -------- d-----w- C:\Windows\System32\EventProviders
2013-12-26 17:27:54 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-12-26 17:27:52 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-12-26 17:27:25 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-12-26 17:13:09 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2013-12-26 17:13:09 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2013-12-26 17:13:04 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2013-12-26 17:13:01 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2013-12-26 17:11:59 856576 ----a-w- C:\Windows\SysWow64\FirewallControlPanel.dll
2013-12-26 17:10:59 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2013-12-26 17:08:23 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2013-12-26 17:08:23 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-12-26 17:08:12 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2013-12-26 03:57:41 -------- d-----w- C:\Windows\Panther
2013-12-26 03:57:28 -------- d-sh--w- C:\Boot
2013-12-26 02:47:39 2565632 ----a-w- C:\Windows\System32\esent.dll
2013-12-26 02:47:39 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2013-12-26 02:47:38 96768 ----a-w- C:\Windows\System32\fsutil.exe
2013-12-26 02:47:38 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2013-12-26 02:47:38 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2013-12-26 02:47:38 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2013-12-26 02:47:38 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-12-26 02:47:38 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2013-12-26 02:47:38 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2013-12-26 02:47:38 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2013-12-26 02:39:19 -------- d-sh--w- C:\Windows\Installer
2013-12-26 02:32:06 -------- d-----w- C:\Windows\SysWow64\Wat
2013-12-26 02:32:06 -------- d-----w- C:\Windows\System32\Wat
2013-12-26 02:03:58 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-12-26 02:03:58 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-12-26 02:03:58 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-12-26 01:44:18 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-12-26 01:44:18 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-12-26 01:44:18 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-12-26 01:44:18 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-12-26 01:44:18 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-12-26 01:44:18 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-12-26 01:44:18 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-12-26 01:40:45 -------- d-----w- C:\Windows\System32\MRT
2013-12-26 01:40:23 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-12-26 01:40:22 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-12-26 01:40:22 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-12-26 01:37:12 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6BDE4DD-B26A-4149-96ED-32D9ACEB7349}\mpengine.dll
2013-12-26 01:37:11 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-26 01:30:59 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2013-12-26 01:29:59 515584 ----a-w- C:\Windows\System32\timedate.cpl
2013-12-26 01:28:59 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2013-12-26 01:28:59 31232 ----a-w- C:\Windows\System32\prevhost.exe
2013-12-26 01:28:58 956928 ----a-w- C:\Windows\System32\localspl.dll
2013-12-26 01:28:58 39424 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\winprint.dll
2013-12-26 01:26:40 723456 ----a-w- C:\Windows\System32\EncDec.dll
2013-12-26 01:26:40 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2013-12-26 01:21:32 503808 ----a-w- C:\Windows\System32\srcore.dll
2013-12-26 01:21:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-12-26 01:21:32 296960 ----a-w- C:\Windows\System32\rstrui.exe
2013-12-26 01:17:50 -------- d-----w- C:\Users\Papa\AppData\Local\WindowsUpdate
2013-12-26 01:14:01 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-26 01:14:01 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-26 01:11:24 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-12-26 01:11:24 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-12-26 01:11:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-12-26 01:08:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
.
==================== Find3M ====================
.
2013-12-26 17:49:20 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-12-26 17:49:19 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-15 06:37:16 39080 ----a-w- C:\Windows\System32\drivers\rzendpt.sys
2013-11-15 06:37:14 149160 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2013-11-15 06:32:00 57344 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2013-11-15 06:32:00 154112 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2013-11-15 06:31:58 834560 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2013-11-15 06:31:56 296448 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2013-11-15 06:31:56 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-11 13:59:28 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-27 14:12:42 1884448 ----a-w- C:\Windows\System32\nvdispco6433165.dll
2013-10-27 14:12:42 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433165.dll
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH: 4:42:02.28 ===============
kngpin90
Active Member
 
Posts: 5
Joined: January 14th, 2014, 4:38 am

Re: Twunk_32.exe removal assistance.

Post by Cypher » January 14th, 2014, 12:02 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible; your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

There are a few things to do here so just take your time.
First as an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

  • Please download ERUNT and save it to your desktop.
  • Alternate Download
  • Right-click on erunt_setup.exe and select "Run as administrator" to run it.
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.

Next.

Please download MGA Diagnostic Tool and save it to your Desktop.

  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Next..

Please download Malwarebytes' Anti-Malware and save to your desktop.
  • Right-click mbam-setup.exe and select Run As Administrator to run it, and follow the prompts to install the program.
  • Follow the prompts and at the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next...

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next....

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • MGADiag log.
  • Malwarebytes log.
  • AdwCleaner log.
  • OTL.txt and Extras.txt contents.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Twunk_32.exe removal assistance.

Unread postby kngpin90 » January 15th, 2014, 12:18 am

MGA Diagnostic:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-TPMRF-6B72M-3DVPY
Windows Product Key Hash: Ppk+D99QlFuCZn/OzLBUh0roglI=
Windows Product ID: 00359-030-0124403-85963
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {D466495A-2600-44BB-9FEF-A6EF1E8CE62B}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D466495A-2600-44BB-9FEF-A6EF1E8CE62B}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3DVPY</PKey><PID>00359-030-0124403-85963</PID><PIDType>5</PIDType><SID>S-1-5-21-3888130842-373282020-1778690309</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>P5KC</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1203 </Version><SMBIOSVersion major="2" minor="4"/><Date>20080625000000.000000+000</Date></BIOS><HWID>9C373A07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-030-012440-01-1033-7600.0000-3592013
Installation ID: 021480255795973005774384554250056611401972487721030914
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3DVPY
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 1/14/2014 10:43:25 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 12:26:2013 15:15
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OAAAAAEABgABAAEAAAADAAAAAQABAAEAln0m0S72PvoCpXTmiP0IhQqAyq6A0lyjp8z3OLzaKoU=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC A_M_I_ OEMAPIC
FACP A_M_I_ OEMFACP
HPET A_M_I_ OEMHPET
MCFG A_M_I_ OEMMCFG
OEMB A_M_I_ AMI_OEM
OSFR A_M_I_ OEMOSFR


Malwarebytes Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Papa :: PAPA-PC [administrator]

1/14/2014 10:45:57 PM
mbam-log-2014-01-14 (22-45-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213438
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Papa\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Papa\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Users\Papa\AppData\Roaming\verison.dll (Trojan.Agent.ED) -> Delete on reboot.
C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HpM3Util.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Papa\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Papa\AppData\Local\Temp\ct3288691\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Papa\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Papa\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Papa\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)


ADWCleaner Log:

# AdwCleaner v3.017 - Report created 14/01/2014 at 23:03:38
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Papa - PAPA-PC
# Running from : C:\Users\Papa\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [853 octets] - [14/01/2014 23:02:43]
AdwCleaner[S0].txt - [738 octets] - [14/01/2014 23:03:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [797 octets] ##########

OTL Txt:

OTL logfile created on: 1/14/2014 11:07:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Papa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.12 Gb Available Physical Memory | 76.57% Memory free
16.00 Gb Paging File | 13.82 Gb Available in Paging File | 86.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 410.71 Gb Free Space | 88.18% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 232.79 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 1.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/14 23:07:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe
PRC - [2013/12/26 20:47:33 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/09 21:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/09 21:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/03 21:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/27 12:24:36 | 000,284,008 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
PRC - [2013/11/17 20:06:00 | 000,442,712 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2013/11/14 06:55:37 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/14 22:47:47 | 008,866,472 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2013/12/26 18:27:05 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\19156dbc54c3ded7ba00c53d19b6ee96\PresentationFramework-SystemXml.ni.dll
MOD - [2013/12/26 18:27:05 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\64c51ef21713c34883a839dd202ff655\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2013/12/26 18:26:15 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75537eea06d1200805de72f3f7751091\UIAutomationTypes.ni.dll
MOD - [2013/12/26 18:26:14 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\49d7f498821498b3d5e9fe5bafceba41\System.Xml.Linq.ni.dll
MOD - [2013/12/26 17:21:44 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll
MOD - [2013/12/26 17:21:43 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\13f5eb7285c90c219d2be24eebb55cd9\System.Management.ni.dll
MOD - [2013/12/26 17:21:41 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll
MOD - [2013/12/26 17:21:34 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\05ca0ca95b6fcc0d710b63b6200cc178\System.Windows.Forms.ni.dll
MOD - [2013/12/26 17:21:30 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll
MOD - [2013/12/26 17:21:28 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c4477b3ce64d0d612d1ab0dba425b77f\System.Drawing.ni.dll
MOD - [2013/12/26 17:21:27 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\3b483737ce19c597d351cdb1f4eb3da0\System.ServiceModel.Internals.ni.dll
MOD - [2013/12/26 17:21:27 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\5c250132c9d7fb45ec9b331ec2e4ef2e\SMDiagnostics.ni.dll
MOD - [2013/12/26 17:21:26 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\66ce786a0b16af8c3f5c480cd6e84376\System.Runtime.Serialization.ni.dll
MOD - [2013/12/26 17:21:23 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll
MOD - [2013/12/26 17:21:22 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\ae01d58bd1cb283ec7b603919e2a8fb3\PresentationFramework.Aero.ni.dll
MOD - [2013/12/26 17:21:16 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll
MOD - [2013/12/26 17:21:16 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll
MOD - [2013/12/26 17:21:12 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll
MOD - [2013/12/26 17:21:11 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll
MOD - [2013/12/26 17:21:05 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll
MOD - [2013/12/03 21:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 21:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 21:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 21:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 21:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/09 21:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/12/25 20:14:01 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/11 14:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/09 21:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/11/27 13:43:40 | 001,375,600 | ---- | M] (Binary Fortress Software) [Auto | Running] -- C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe -- (DisplayFusionService)
SRV - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/05 03:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/15 01:37:16 | 000,039,080 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2013/11/15 01:37:14 | 000,149,160 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/10/13 02:15:52 | 000,061,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 17 7B 60 D7 01 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{65EBB89D-6016-4F56-93D6-860CC2C4933D}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Docs = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Mobafire LoL Guides = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bffcllnfdoihnefjhalnfanpcfplkdip\2.0.9.0_0\
CHR - Extension: YouTube = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: AdBlock = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: Google Wallet = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [Itbhsoft] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15DA2BC4-9E8C-4D4C-86F1-A5AF5BE7EDDC}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/14 23:07:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe
[2014/01/14 23:02:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/14 22:45:25 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Malwarebytes
[2014/01/14 22:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/14 22:45:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/14 22:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/14 22:44:36 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Papa\Desktop\mbam-setup-1.75.0.1300.exe
[2014/01/14 22:43:44 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2014/01/14 22:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2014/01/14 22:42:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/01/14 22:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/01/14 22:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/01/14 08:51:40 | 000,000,000 | ---D | C] -- C:\Users\Papa\Documents\Custom Office Templates
[2014/01/13 06:43:41 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Itbhsoft
[2014/01/08 19:25:03 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\pyGraboid
[2014/01/08 19:23:53 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Graboid Inc
[2014/01/08 19:15:16 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\NVIDIA
[2014/01/08 19:03:42 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\DivX
[2014/01/08 19:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2014/01/08 19:03:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2014/01/08 19:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2014/01/07 15:49:48 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\NVIDIA Corporation
[2014/01/05 21:07:22 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\uTorrent
[2014/01/05 11:43:58 | 000,000,000 | ---D | C] -- C:\Users\Papa\Desktop\Tor Browser
[2014/01/02 03:11:21 | 000,000,000 | ---D | C] -- C:\Users\Papa\Documents\LOLReplay
[2014/01/02 03:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay
[2013/12/30 14:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/12/28 23:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/12/28 23:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/12/28 23:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/12/28 22:12:48 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Razer
[2013/12/28 22:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2013/12/28 22:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013/12/28 22:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2013/12/28 22:08:55 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Apple Computer
[2013/12/28 22:08:54 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Apple Computer
[2013/12/28 22:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/28 22:08:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/12/28 22:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/28 22:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/28 22:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/12/28 22:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/12/28 22:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/12/28 22:06:43 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Apple
[2013/12/28 22:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/12/28 22:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/12/28 22:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/12/28 22:06:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/12/28 22:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/12/28 22:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/12/28 20:45:09 | 000,000,000 | -HSD | C] -- C:\Users\Papa\AppData\Roaming\Common
[2013/12/28 20:45:06 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\DisplayFusion
[2013/12/28 20:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Binary Fortress Software
[2013/12/28 20:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
[2013/12/28 20:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DisplayFusion
[2013/12/28 20:44:13 | 000,000,000 | ---D | C] -- C:\Users\Papa\Documents\DisplayFusion Backups
[2013/12/28 20:44:12 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Programs
[2013/12/27 02:48:48 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\LolClient
[2013/12/27 02:48:07 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Diagnostics
[2013/12/26 20:54:12 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Skype
[2013/12/26 20:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/12/26 20:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/12/26 20:54:05 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/12/26 20:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/12/26 20:49:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/12/26 20:49:04 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/12/26 20:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013/12/26 20:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/12/26 20:45:06 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Riot Games
[2013/12/26 20:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/12/26 20:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/12/26 20:42:46 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Google
[2013/12/26 20:42:29 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Apps
[2013/12/26 20:42:28 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Deployment
[2013/12/26 18:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/12/26 18:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013/12/26 18:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/12/26 18:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/12/26 18:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013/12/26 17:16:50 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/26 13:22:19 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\NVIDIA
[2013/12/26 13:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/12/26 13:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/12/26 13:09:23 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/12/26 12:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/12/26 12:41:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/12/26 12:40:15 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/12/26 12:40:15 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/12/26 12:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/12/26 12:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/12/26 12:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/12/26 12:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/12/26 12:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/12/26 12:33:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/12/26 12:33:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/12/26 12:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/12/26 12:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/12/26 12:12:05 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013/12/26 12:11:42 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013/12/25 23:01:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/12/25 22:59:17 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/12/25 22:58:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/12/25 22:57:41 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/12/25 22:57:28 | 000,000,000 | -HSD | C] -- C:\Boot
[2013/12/25 21:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/12/25 21:39:19 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/12/25 21:32:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/12/25 21:32:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/12/25 20:40:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/12/25 20:17:50 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\WindowsUpdate
[2013/12/25 20:14:08 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Macromedia
[2013/12/25 20:14:08 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Adobe
[2013/12/25 20:14:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/12/25 20:13:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/12/25 20:07:56 | 000,000,000 | R--D | C] -- C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/12/25 20:07:56 | 000,000,000 | R--D | C] -- C:\Users\Papa\Searches
[2013/12/25 20:07:56 | 000,000,000 | R--D | C] -- C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/12/25 20:07:56 | 000,000,000 | -H-D | C] -- C:\Users\Papa\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/12/25 20:07:40 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Identities
[2013/12/25 20:07:34 | 000,000,000 | R--D | C] -- C:\Users\Papa\Contacts
[2013/12/25 20:07:32 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\VirtualStore
[2013/12/25 20:07:24 | 000,000,000 | --SD | C] -- C:\Users\Papa\AppData\Roaming\Microsoft
[2013/12/25 20:07:24 | 000,000,000 | R--D | C] -- C:\Users\Papa\Videos
[2013/12/25 20:07:24 | 000,000,000 | R--D | C] -- C:\Users\Papa\Saved Games
[2013/12/25 20:07:24 | 000,000,000 | R--D | C] -- C:\Users\Papa\Pictures
[2013/12/25 20:07:24 | 000,000,000 | R--D | C] -- C:\Users\Papa\Music
[2013/12/25 20:07:24 | 000,000,000 | R--D | C] -- C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/12/25 20:07:24 | 000,000,000 | R--D | C] -- C:\Users\Papa\Links
[2013/12/25 20:07:24 | 000,000,000 | R--D | C] -- C:\Users\Papa\Favorites
[2013/12/25 20:07:24 | 000,000,000 | R--D | C] -- C:\Users\Papa\Downloads
[2013/12/25 20:07:24 | 000,000,000 | R--D | C] -- C:\Users\Papa\Documents
[2013/12/25 20:07:24 | 000,000,000 | R--D | C] -- C:\Users\Papa\Desktop
[2013/12/25 20:07:24 | 000,000,000 | R--D | C] -- C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\AppData\Local\Temporary Internet Files
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\Templates
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\Start Menu
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\SendTo
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\Recent
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\PrintHood
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\NetHood
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\Documents\My Videos
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\Documents\My Pictures
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\Documents\My Music
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\My Documents
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\Local Settings
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\AppData\Local\History
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\Cookies
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\Application Data
[2013/12/25 20:07:24 | 000,000,000 | -HSD | C] -- C:\Users\Papa\AppData\Local\Application Data
[2013/12/25 20:07:24 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData
[2013/12/25 20:07:24 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Temp
[2013/12/25 20:07:24 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Microsoft
[2013/12/25 20:07:24 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Media Center Programs
[2013/12/25 20:07:15 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2014/01/14 23:07:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe
[2014/01/14 23:05:16 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/14 23:04:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/14 23:04:47 | 2146,787,327 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/14 23:03:59 | 000,022,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/14 23:03:59 | 000,022,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/14 23:03:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/14 23:02:27 | 001,236,282 | ---- | M] () -- C:\Users\Papa\Desktop\adwcleaner.exe
[2014/01/14 22:56:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/14 22:45:15 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/14 22:44:39 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Papa\Desktop\mbam-setup-1.75.0.1300.exe
[2014/01/14 22:41:54 | 000,000,924 | ---- | M] () -- C:\Users\Papa\Desktop\NTREGOPT.lnk
[2014/01/14 22:41:54 | 000,000,905 | ---- | M] () -- C:\Users\Papa\Desktop\ERUNT.lnk
[2014/01/14 03:31:29 | 000,000,099 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/01/11 16:23:27 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/11 16:23:27 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/11 16:23:27 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/09 19:48:29 | 000,470,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/31 03:03:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/12/30 14:11:04 | 000,000,222 | ---- | M] () -- C:\Users\Papa\Desktop\War for the Overworld Bedrock Beta.url
[2013/12/28 23:05:24 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/12/28 22:15:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzendpt_01009.Wdf
[2013/12/28 22:14:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2013/12/27 02:41:47 | 000,002,279 | ---- | M] () -- C:\Users\Papa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/26 20:49:05 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/12/26 17:18:48 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/26 14:30:09 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/26 14:30:08 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/26 12:28:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/12/25 23:02:27 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/12/25 23:02:27 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/12/25 22:57:29 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/12/25 21:36:16 | 000,001,437 | ---- | M] () -- C:\Users\Papa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2014/01/14 23:02:22 | 001,236,282 | ---- | C] () -- C:\Users\Papa\Desktop\adwcleaner.exe
[2014/01/14 22:45:15 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/14 22:41:54 | 000,000,924 | ---- | C] () -- C:\Users\Papa\Desktop\NTREGOPT.lnk
[2014/01/14 22:41:54 | 000,000,905 | ---- | C] () -- C:\Users\Papa\Desktop\ERUNT.lnk
[2014/01/14 03:31:29 | 000,000,099 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/12/31 03:03:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/12/30 14:11:04 | 000,000,222 | ---- | C] () -- C:\Users\Papa\Desktop\War for the Overworld Bedrock Beta.url
[2013/12/28 23:05:24 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/12/28 22:15:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzendpt_01009.Wdf
[2013/12/28 22:14:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2013/12/28 22:06:42 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/12/26 20:49:05 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/12/26 20:43:24 | 000,002,279 | ---- | C] () -- C:\Users\Papa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/26 20:42:56 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/26 20:42:55 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/26 14:30:09 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/26 14:30:08 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/26 13:12:32 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/26 13:10:21 | 000,023,754 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/12/26 12:28:18 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/12/26 12:28:01 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/12/26 12:12:45 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013/12/26 12:11:18 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013/12/26 12:10:46 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013/12/26 12:10:46 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013/12/26 12:10:16 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013/12/25 23:02:13 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/12/25 23:02:09 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/12/25 22:58:45 | 2146,787,327 | -HS- | C] () -- C:\hiberfil.sys
[2013/12/25 22:57:29 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2013/12/25 22:57:28 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013/12/25 21:03:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/12/25 20:44:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/12/25 20:14:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/25 20:11:12 | 000,001,437 | ---- | C] () -- C:\Users\Papa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/25 20:08:58 | 000,001,413 | ---- | C] () -- C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/25 20:07:24 | 000,000,290 | ---- | C] () -- C:\Users\Papa\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/12/25 20:07:24 | 000,000,272 | ---- | C] () -- C:\Users\Papa\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/28 20:45:09 | 000,000,000 | -HSD | M] -- C:\Users\Papa\AppData\Roaming\Common
[2013/12/28 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\DisplayFusion
[2014/01/08 19:23:53 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Graboid Inc
[2013/12/27 02:48:48 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\LolClient
[2013/12/26 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Riot Games
[2014/01/14 03:47:57 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >


Extras Txt:

OTL Extras logfile created on: 1/14/2014 11:07:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Papa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.12 Gb Available Physical Memory | 76.57% Memory free
16.00 Gb Paging File | 13.82 Gb Available in Paging File | 86.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 410.71 Gb Free Space | 88.18% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 232.79 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 1.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073D52C6-524D-4D85-9CFA-AB2FB4C079A9}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{0ADB898D-4973-45C8-BD65-610259990543}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0CEBA777-06E5-40C8-B4DD-A5FF138E4FEC}" = lport=137 | protocol=17 | dir=in | app=system |
"{131CB317-4594-42BC-B487-EDD0277A8E9A}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{136CC974-6737-494B-9AA0-887F9BE63BC2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{1D8F2763-833F-4210-A8E8-A4B03482B2BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FC11F00-C1C6-4C1B-9CE1-8AD0B2FD7BCF}" = lport=445 | protocol=6 | dir=in | app=system |
"{2117E1F8-584F-4B1E-B2C2-DBFF49502408}" = rport=137 | protocol=17 | dir=out | app=system |
"{214C4275-3087-4155-8237-7328DF3A403C}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{23541EAE-C464-40B6-A846-4845C1F4FC43}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25C2E40E-745F-408E-9479-2CD7CD4F2240}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{28143D54-C4CF-428E-AE07-12564EA195B0}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{28C11FD0-829B-4554-894D-2B21635F3E02}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3BA7C8B8-0A39-4F9D-81B7-27EF0D076BC7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3BF9A39A-1432-42BD-AE27-1E49B95C6E9E}" = lport=139 | protocol=6 | dir=in | app=system |
"{4532B291-FC63-412C-9457-ADC90F7B9ADE}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{477EF1A6-494F-4140-83AE-A539E1DF9ACF}" = rport=445 | protocol=6 | dir=out | app=system |
"{48225DB4-358F-4455-AA6E-A3A04BBA4BD2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5AA9431D-20AB-47E3-9235-82BD357197C2}" = rport=138 | protocol=17 | dir=out | app=system |
"{5AADBCB2-49D5-40F0-8576-74A901A19DCB}" = rport=139 | protocol=6 | dir=out | app=system |
"{671C202F-8D2D-47D3-935B-6E3580D1E5D1}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{684A2FC1-E708-421B-B3C9-E3245E1A2F1B}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7CA9B85B-3242-4824-8364-FC385DB64D48}" = lport=2869 | protocol=6 | dir=in | app=system |
"{81971013-DE6E-4BC7-8E92-C32AA1933376}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{8EFDB83A-E18D-44A1-A4CF-880820CC0920}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B50BBAD5-9165-445D-B155-8BA2241BCCB8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CDC2524B-8B0E-4021-906A-9393BA64FB05}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E358ACBB-7B72-4EFD-B0FA-21AD1BA86B3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E383DC62-E015-41C0-884A-821C62077CB3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E91D844A-8E72-40FD-B6D7-C7DB0AECD131}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9896642-4E7E-4507-BBC1-CD3FD16051A2}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{EABF5E6F-D790-4950-9A77-B4FBB54631CA}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1058691C-15D2-4A68-B9F1-DF90BA1A4E94}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1195D5A4-39A9-4C9D-9E2A-6227B7DB7FAE}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{19ED1415-FD7C-4733-9A79-AF05662D8CA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{228AAD0F-195D-411D-A64D-AB7B0741C76C}" = dir=in | app=c:\windows\explorer.exe |
"{2300D035-F0C2-443A-A387-602D299A2DBA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2A29F68A-3100-493C-A18C-65C7E30BC7F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2BA52D3C-1DDE-4505-B1E2-3E9001FE1F57}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2CEF524D-29BA-46FF-B9EB-C55833ED0860}" = protocol=17 | dir=in | app=c:\users\papa\appdata\roaming\utorrent\utorrent.exe |
"{2E9AD9F5-F609-4D0E-AF3F-DA716EA08A81}" = protocol=6 | dir=in | app=c:\users\papa\appdata\roaming\utorrent\utorrent.exe |
"{31F4BC68-F366-4401-AAA4-643E46416F01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3589780F-552F-4A2A-B6DB-3623F0C7F0D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{369007F0-1157-40C9-B32C-7F2C4D3A4E76}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D2A3080-A245-4E17-B2BA-239F8D1E9E28}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3FDC848A-8EE9-4EFE-994F-AB40BF85D6D3}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{4F1EB4ED-5091-4CCB-8C6A-AC91ACDC428F}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{5503BDDD-AF02-4C9F-B397-A4F7B912A0DD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{56AC8DE6-7E31-44A7-A2BF-6EDBFAA9A6B3}" = protocol=6 | dir=out | app=system |
"{60465236-8583-466A-8365-D5DA630B96A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{68554A22-FCF7-4C57-B64C-FF9B4464B716}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AEF8297-91BD-41FB-9F5F-5507928C56BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A522C6A-998F-4FF1-A2D4-06CAAB071084}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war for the overworld\wfto.exe |
"{7DD028DD-05EA-4995-A4A1-D4CC6EA0CAD9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7F43A167-9F53-455B-A59D-D25A0D5B19D4}" = protocol=58 | dir=in | app=system |
"{8080C804-B46B-4A66-AA1A-344494FA9458}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war for the overworld\wfto.exe |
"{82E1ADEA-EED5-445C-AC9D-39C1EA5DBABA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{837C37CF-F446-4B17-B3DA-B7624F4D2EFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B02D9BB-4E49-425F-AAFB-21A1DFE019D9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8B354637-C132-4849-8444-F016D9DBE313}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93F68A97-9A63-4252-AE2A-3CD3E1223FE8}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{9BA9DDD7-F165-4EBC-B77B-8B39928F333F}" = dir=in | app=c:\windows\system32\rundll32.exe |
"{AEE6CB01-E3D5-4348-9373-713CB3A0C1C8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C666CFA0-A892-4BD2-8EE8-7D075F36AD31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C70431B1-A944-426A-BF74-520CE5A20E7E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C9186194-8154-4D42-BFCE-4BECD2502F1A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D9A7C319-8F0C-4AE9-889C-81D53F75729A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF54845E-7508-4E88-8FB4-DDE17AD48962}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E6D3AF91-E900-481B-9094-423C6EDFE21A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EB757287-C886-493D-9FEE-A9EB96D75285}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{F2EFB037-44FF-48E4-97D7-6254FA0B829A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FB452FDD-F88D-42B6-BEFD-33D57055025D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-007E-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-008C-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-1000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.11.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 10.11.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.19
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"Microsoft Security Client" = Microsoft Security Essentials
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 5.1.1
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"League of Legends 3.0.0" = League of Legends
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam" = Steam
"Steam App 230190" = War for the Overworld Bedrock Beta

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2014 1:05:03 AM | Computer Name = Papa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/11/2014 1:05:03 AM | Computer Name = Papa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9063

Error - 1/11/2014 1:05:03 AM | Computer Name = Papa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9063

Error - 1/11/2014 1:05:04 AM | Computer Name = Papa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/11/2014 1:05:04 AM | Computer Name = Papa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10062

Error - 1/11/2014 1:05:04 AM | Computer Name = Papa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10062

Error - 1/12/2014 2:09:11 AM | Computer Name = Papa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: League of Legends.exe, version: 3.15.0.255,
time stamp: 0x52abb394 Faulting module name: League of Legends.exe, version: 3.15.0.255,
time stamp: 0x52abb394 Exception code: 0xc0000005 Fault offset: 0x0042c6b0 Faulting
process id: 0xb20 Faulting application start time: 0x01cf0f585386af41 Faulting application
path: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League
of Legends.exe Faulting module path: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League
of Legends.exe Report Id: 0db6d4f1-7b50-11e3-9c80-001bfcddd4a6

Error - 1/12/2014 2:09:21 AM | Computer Name = Papa-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/12/2014 9:35:44 PM | Computer Name = Papa-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/13/2014 8:29:41 PM | Computer Name = Papa-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 1/10/2014 8:54:52 PM | Computer Name = Papa-PC | Source = AtcL001 | ID = 194
Description =

Error - 1/10/2014 8:54:52 PM | Computer Name = Papa-PC | Source = AtcL001 | ID = 194
Description =

Error - 1/10/2014 8:54:52 PM | Computer Name = Papa-PC | Source = AtcL001 | ID = 194
Description =

Error - 1/10/2014 8:54:52 PM | Computer Name = Papa-PC | Source = AtcL001 | ID = 194
Description =

Error - 1/10/2014 8:54:52 PM | Computer Name = Papa-PC | Source = AtcL001 | ID = 194
Description =

Error - 1/10/2014 8:54:52 PM | Computer Name = Papa-PC | Source = AtcL001 | ID = 194
Description =

Error - 1/10/2014 8:54:53 PM | Computer Name = Papa-PC | Source = AtcL001 | ID = 194
Description =

Error - 1/12/2014 2:49:53 PM | Computer Name = Papa-PC | Source = AtcL001 | ID = 194
Description =

Error - 1/12/2014 2:49:53 PM | Computer Name = Papa-PC | Source = AtcL001 | ID = 194
Description =

Error - 1/12/2014 2:49:53 PM | Computer Name = Papa-PC | Source = AtcL001 | ID = 194
Description =


< End of report >


Should be everything you asked for. Thanks for all the help.

--Kngpin90
kngpin90
Active Member
 
Posts: 5
Joined: January 14th, 2014, 4:38 am

Re: Twunk_32.exe removal assistance.

Post by Cypher » January 15th, 2014, 6:52 am

Hi,
"Thanks for all the help"

You're welcome.
Good work so far, continue with the instructions below please.

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following script into the Image textbox. Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :processes
    killallprocesses
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    O4 - HKLM..\Run: [] File not found
    [2014/01/05 21:07:22 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\uTorrent
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2CEF524D-29BA-46FF-B9EB-C55833ED0860}" =-
    "{2E9AD9F5-F609-4D0E-AF3F-DA716EA08A81}" =-
    
    :files
    C:\Windows\twunk_32.exe
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Twunk_32.exe removal assistance.

Post by kngpin90 » January 15th, 2014, 12:29 pm

My PC performance is hard to describe really. I can still do everything I need to do with my PC such as browse the internet, play games, create word documents etc. As far as symptoms, under the task manager processes tab several applications have the "*32" attached still. I haven't noticed the FPS drop/lag spikes in my online gaming since we have started this process. One symptom I neglected to mention earlier is that upon shutting down my PC it used to make force a shut down by ending the twunk_32.exe task upon every shutdown. However since starting this process that too has stopped occurring.

OTL Fix Log:

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Papa\AppData\Roaming\uTorrent folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2CEF524D-29BA-46FF-B9EB-C55833ED0860} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CEF524D-29BA-46FF-B9EB-C55833ED0860}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E9AD9F5-F609-4D0E-AF3F-DA716EA08A81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E9AD9F5-F609-4D0E-AF3F-DA716EA08A81}\ not found.
========== FILES ==========
File move failed. C:\Windows\twunk_32.exe scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Papa\Desktop\cmd.bat deleted successfully.
C:\Users\Papa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Papa
->Temp folder emptied: 574117228 bytes
->Temporary Internet Files folder emptied: 575196802 bytes
->Google Chrome cache emptied: 230148664 bytes
->Flash cache emptied: 2667 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 308064745 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43277197 bytes
RecycleBin emptied: 13748482 bytes

Total Files Cleaned = 1,664.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01152014_102230

Files\Folders moved on Reboot...
File move failed. C:\Windows\twunk_32.exe scheduled to be moved on reboot.
C:\Users\Papa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FireFly(201401150724407A0).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(201401150724407A0).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(201401150724417A0).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x64.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x64.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

After completing the ESET scan I couldn't find any log other than the list of identified threats which I have posted. I may have done this incorrectly but I have posted the threats found. Let me know if I need to re-do this step or this isn't what you are looking for.


ESET Log:

C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp5064.exe Win32/Boaxxe.BE trojan
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp9B4C.exe a variant of Win32/Kryptik.BSSN trojan
C:\Users\All Users\Microsoft\BingDesktop\BingCore\temp\tmp5064.exe Win32/Boaxxe.BE trojan
C:\Users\All Users\Microsoft\BingDesktop\BingCore\temp\tmp9B4C.exe a variant of Win32/Kryptik.BSSN trojan
C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\jbjgoblhcinekodbpjkkkmkhmbdhemem\6.0.3\background.js Win32/Boaxxe.BE trojan
kngpin90
Active Member
 
Posts: 5
Joined: January 14th, 2014, 4:38 am

Re: Twunk_32.exe removal assistance.

Post by Cypher » January 15th, 2014, 12:45 pm

Hi,
"As far as symptoms under the task manager processes tab several applications have the "*32" attached still."

This is normal and nothing to worry about, it just means the process is 32-bit.
"PC it used to make force a shut down by ending the twunk_32.exe task upon every shutdown. However since starting this process that too has stopped occurring"

Good, if twunk_32.exe reappears let me know.

We need to run another fix, once done let me know if you are experiencing any new problems.
  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following script into the Image textbox. Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :processes
    killallprocesses
    
    :files
    C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp5064.exe 
    C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp9B4C.exe 
    C:\Users\All Users\Microsoft\BingDesktop\BingCore\temp\tmp5064.exe 
    C:\Users\All Users\Microsoft\BingDesktop\BingCore\temp\tmp9B4C.exe 
    C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\jbjgoblhcinekodbpjkkkmkhmbdhemem\6.0.3\background.js 
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [REBOOT]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Twunk_32.exe removal assistance.

Unread postby kngpin90 » January 17th, 2014, 12:10 pm

No noticeable changes in PC performance since last check-in. Are there any specific signs I should be looking for as far as improvement or changes?

OTL Fix Log:

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp5064.exe moved successfully.
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp9B4C.exe moved successfully.
File\Folder C:\Users\All Users\Microsoft\BingDesktop\BingCore\temp\tmp5064.exe not found.
File\Folder C:\Users\All Users\Microsoft\BingDesktop\BingCore\temp\tmp9B4C.exe not found.
C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\jbjgoblhcinekodbpjkkkmkhmbdhemem\6.0.3\background.js moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Papa\Desktop\cmd.bat deleted successfully.
C:\Users\Papa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Papa
->Temp folder emptied: 42330188 bytes
->Temporary Internet Files folder emptied: 122069707 bytes
->Google Chrome cache emptied: 24498990 bytes
->Flash cache emptied: 2466 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43991 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6725 bytes

Total Files Cleaned = 180.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01172014_110206

Files\Folders moved on Reboot...
C:\Users\Papa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VBXONC7\NY6BY2HV.htm moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(201401162302456F8).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(201401162302456F8).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(201401162302456F8).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x64.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x64.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
kngpin90
Active Member
 
Posts: 5
Joined: January 14th, 2014, 4:38 am
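
An added example (not part of the thread and not OTL's own code): a small Python check that sorts the FILES lines of an OTL fix log like the one above into outcomes and lists only the entries that still need a second look. It assumes the four message formats seen in this log and that `C:\Users\All Users` is the Windows 7 link to `C:\ProgramData`, so a "not found" entry whose `ProgramData` twin was already moved is not reported; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the OTL fix log posted above.
SAMPLE_LOG = r"""
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp5064.exe moved successfully.
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp9B4C.exe moved successfully.
File\Folder C:\Users\All Users\Microsoft\BingDesktop\BingCore\temp\tmp5064.exe not found.
File\Folder C:\Users\All Users\Microsoft\BingDesktop\BingCore\temp\tmp9B4C.exe not found.
C:\Windows\temp\FireFly(201401162302456F8).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x64.en-us.dat scheduled to be moved on reboot.
"""

PATH = r"(?P<path>[A-Za-z]:\\.+?)"
PATTERNS = [
    ("moved", re.compile(rf"^{PATH} moved successfully\.$")),
    ("deleted", re.compile(rf"^{PATH} deleted successfully\.$")),
    ("not_found", re.compile(rf"^File\\Folder {PATH} not found\.$")),
    ("pending_reboot",
     re.compile(rf"^File move failed\. {PATH} scheduled to be moved on reboot\.$")),
]

# Assumption: on Windows 7 "C:\Users\All Users" is a link to "C:\ProgramData".
ALIAS_FROM, ALIAS_TO = "c:\\users\\all users\\", "c:\\programdata\\"

def canonical(path):
    """Lower-case the path (NTFS is case-insensitive) and resolve the alias."""
    p = path.lower()
    return ALIAS_TO + p[len(ALIAS_FROM):] if p.startswith(ALIAS_FROM) else p

def parse(log_text):
    """Return (status, path) for every line that matches a known outcome."""
    entries = []
    for line in (l.strip() for l in log_text.splitlines()):
        for status, rx in PATTERNS:
            m = rx.match(line)
            if m:
                entries.append((status, m.group("path")))
                break
    return entries

def needs_followup(log_text):
    """Entries still pending, or not found with no handled alias twin."""
    entries = parse(log_text)
    handled = {canonical(p) for s, p in entries if s in ("moved", "deleted")}
    return [(s, p) for s, p in entries
            if s == "pending_reboot"
            or (s == "not_found" and canonical(p) not in handled)]
```
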

Re: Twunk_32.exe removal assistance.

Unread postby Cypher » January 17th, 2014, 12:20 pm

Hi,
No noticeable changes in PC performance since last check-in. Are there any specific signs I should be looking for as far as improvement or changes?

If you are not experiencing any problems you should be good to go, your latest logs appear to be clean.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Let's remove the tools we used to clean your computer.

Clean up with OTL

  • Right-click on OTL.exe and select Run as administrator to run it.
  • This will remove some of the tools we used to clean your PC.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Next.

Uninstall AdwCleaner

  • Right-click on adwCleaner.exe and select "Run as administrator" to run it.
  • Note: If AdwCleaner prompts you an update is available, click Cancel and continue to uninstall.
  • Click on Uninstall.
  • Confirm with yes.

You can now delete any tools/logs we used if they remain on your Desktop.


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Twunk_32.exe removal assistance.

Unread postby kngpin90 » January 17th, 2014, 8:39 pm

Cypher thanks for all your help. Feel free to close the thread as I no longer have any questions. Thanks so much for your time and patience!

--Kngpin90
kngpin90
Active Member
 
Posts: 5
Joined: January 14th, 2014, 4:38 am

Re: Twunk_32.exe removal assistance.

Unread postby Cypher » January 18th, 2014, 6:48 am

Hi,
Cypher thanks for all your help

You're most welcome, glad we could help :)
Good luck and stay safe.

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns