Black screen while booting up Vista.

Solved
By squall23
Sep 11, 2013
  1. Usually, when a virus hits my computer, I tend to know how to search for solutions because the virus usually attacks something specific or leaves a trail of sorts. For this one, I have no idea what it's doing on/to my computer or where I got it from. In fact, I got it when I was AFK, so I definitely don't know how I got it. All I know of it are 2 things:

    1. It got rid of my System Restore option. It doesn't just turn off System Restore, it literally got rid of the tab in System Properties.

    2. When I boot up Windows normally, it gives me a black screen. I'm not sure if it's freezing or doing something to my graphics; I don't know. However, I can load up Safe Mode (with networking) perfectly fine, albeit with a much longer than usual load time.

    Anyway, here are my logs:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.11.04

    Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Bernard :: BERNARD-PC [administrator]

    11/09/2013 6:10:42 AM
    mbam-log-2013-09-11 (06-10-42).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 286972
    Time elapsed: 26 minute(s), 15 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 37
    HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\wajam.WajamBHO (PUP.Optional.Wajam.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
    HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
    HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (PUP.Funshion) -> No action taken.
    HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.JsObject (PUP.Funshion) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
    HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\wajam.WajamDownloader.1 (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\wajam.WajamDownloader (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken.
    HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> No action taken.
    HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> No action taken.
    HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> No action taken.
    HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> No action taken.
    HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> No action taken.
    HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.SearchProtect.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
    HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> No action taken.
    HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\thunder (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtectAll (PUP.Optional.SearchProtect.A) -> Data: "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe" -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtect (PUP.Optional.SearchProtect.A) -> Data: C:\Users\Bernard\AppData\Roaming\SearchProtect\bin\cltmng.exe -> No action taken.
    HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 5921 -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 19
    C:\Program Files (x86)\SEARCHPROTECT\bin (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> No action taken.
    C:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

    Files Detected: 77
    C:\Program Files (x86)\Wajam\Updater\WAJAMUPDATER.EXE (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\IE\PRIAM_BHO.DLL (PUP.Optional.Wajam.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SearchProtect\Res\SPSetup.exe (PUP.Optional.Conduit) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\0YudRA7T.exe.part (PUP.Optional.SweetIM) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\QuickShare1.exe (PUP.Optional.QuickShare.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\wajam_install.exe (PUP.Optional.Wajam.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\ct2737658\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\ct2737658\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\ct2737658\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\ct2737658\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\bin\FIREFOXMODULE.DLL (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\DIALOGSAPI.JS (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\FIREFOXMODULE.DLL (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\rep.dat (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\DIALOGSAPI.JS (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\Updater\update.exe (PUP.Optional.Wajam.A) -> No action taken.
    C:\Users\Bernard\AppData\Roaming\Microsoft\6884\9396.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Users\Bernard\AppData\Local\Temp\C164.tmp (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
    C:\Users\Bernard\AppData\Local\Temp\D67E.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\Users\Bernard\AppData\Local\Temp\FAA3.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Users\Bernard\AppData\Local\Temp\pricepeep_130001_1001.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\ProgramData\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.
    C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

    (end)
  2. squall23


    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 10.13.2
    Run by Bernard at 7:01:16 on 2013-09-11
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    uProxyServer = hxxp=183.181.25.248:80
    uProxyOverride = 127.0.0.1:9421;*.local;<local>
    uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
    mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssie.dll
    BHO: 3F2D81A2-AB9C-DA82-039C-33E7BC2362D3 Class: {3F2D81A2-AB9C-DA82-039C-33E7BC2362D3} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - <orphaned>
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\FlashGet\getflash.dll
    BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
    BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
    TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: FreeOnlineRadioPlayerRecorder Toolbar: {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [igndlm.exe] C:\Download Manager\dlm.exe /windowsstart /startifwork
    uRun: [PlayNC Launcher] <no file>
    uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_169_Plugin.exe -update plugin
    uRunOnce: [Application Restart #0] C:\WINDOWS\ehome\ehtray.exe
    uRunOnce: [Application Restart #1] C:\Program Files\Windows Sidebar\sidebar.exe
    uRunOnce: [Application Restart #2] C:\WINDOWS\SysWOW64\conime.exe C:\Windows\System32\conime.exe
    mRun: [AVG_TRAY] "C:\AVG\AVG2012\avgtray.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SearchProtectAll] "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    StartupFolder: C:\Users\Bernard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KUMA_T~1.LNK - C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe
    StartupFolder: C:\Users\Bernard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VIIKII~1.LNK - C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AWMOUS~1.LNK - C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &?????? - <no file>
    IE: &?????????? - <no file>
    IE: &Download All with FlashGet - C:\FlashGet\jc_all.htm
    IE: &Download with FlashGet - C:\FlashGet\jc_link.htm
    IE: &E1OAOAƒÊ‹IAOO - <no file>
    IE: &E1OAOAƒÊ‹IAOOEá2?AL?O - <no file>
    IE: &U????????? - <no file>
    IE: &U?????????????????? - <no file>
    IE: &UE1OAA~EEIAOO2‘EO2O - <no file>
    IE: &UE1OAA~EEIAOO2‘EO2O - <no file>
    IE: &UŽg—p•Äl‰º?›ó¾åU - <no file>
    IE: &UŽg—p•Äl‰º?›ó¾åU - <no file>
    IE: &E1OAOAƒÊ‹IAOO - <no file>
    IE: &E1OAOAƒÊ‹IAOOEá2?AL?O - <no file>
    IE: &Žg—p115?’`‰º? - <no file>
    IE: &Žg—p115?’`‰º?‘S•”?Ú - <no file>
    IE: &Žg—p?’`‰º? - <no file>
    IE: &Žg—p?’`‰º?‘S•”?Ú - <no file>
    IE: &ѸÀ×ÏÂÔص½ÊÖ» - <no file>
    IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download with Xilisoft Download YouTube Video - C:\Xilisoft\Download YouTube Video\upod_link.HTM
    IE: Download with Xilisoft YouTube Video Converter - C:\Xilisoft\YouTube Video Converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\AVG\AVG2012\avgdtiex.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\FlashGet.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/stg_drm.ocx
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/armhelper.ocx
    TCP: Interfaces\{081F9EF9-9B38-4560-8DE5-BCF5512DA67E} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{1E2774A5-2766-4D2A-9844-B884397420A9} : NameServer = 208.67.222.222,208.67.220.220
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\MP3 Skype Recorder\Skype4COM.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    x64-BHO: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - <orphaned>
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssiea.dll
    x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
    x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-Run: [RtHDVCpl] RAVCpl64.exe
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
    x64-Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    x64-Run: [IAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
    x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\AVG\AVG2012\avgdtiea.dll
    x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgppa.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\Bernard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\CSWebLauncher@cyberstep.com\plugins\npCsWebLauncher.dll
    FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_169.dll
    FF - ExtSQL: 2013-08-09 17:08; firefox@mega.co.nz; C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\firefox@mega.co.nz.xpi
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-2-23 254528]
    R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-7-24 41704]
    R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2011-6-15 39424]
    R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2008-5-12 405504]
    S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-26 239616]
    S2 AVGIDSAgent;AVGIDSAgent;C:\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
    S2 avgwd;AVG WatchDog;C:\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-3-6 93984]
    S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-14 8704]
    S2 HOSTNT;Hostnt;C:\Windows\System32\drivers\hostnt.sys [2012-5-13 13864]
    S2 HPBtnSrv;HP Chasis Button Service;C:\hp\HPEZBTN\HPBtnSrv.exe [2008-5-12 198240]
    S2 hshld;Hotspot Shield Service;C:\Hotspot Shield\bin\openvpnas.exe [2012-7-24 474992]
    S2 HssWd;Hotspot Shield Monitoring Service;C:\Hotspot Shield\bin\hsswd.exe [2012-7-24 387440]
    S2 RadeonPro Support Service;RadeonPro Support Service;C:\RadeonPro\RadeonProSupport.exe [2012-3-8 12800]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Spybot - Search & Destroy\SDWinSec.exe [2010-2-17 1153368]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
    S2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-7-26 109064]
    S2 YLMFVDISK;YLMF Virtual Diskette V1;C:\Windows\System32\drivers\VirtDisk64.sys [2012-4-14 23896]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-2-23 92176]
    S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
    S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\BitComet\tools\BitCometService.exe -service --> C:\BitComet\tools\BitCometService.exe -service [?]
    S3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-5-8 411136]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2008-5-12 1379584]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-12-18 121416]
    S3 ncvet.dll;ncvet.dll;C:\WINDOWS\Temp\ncvet.dll [2011-9-14 24144]
    S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2009-10-6 25088]
    S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2009-10-6 18944]
    S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2010-6-25 35344]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
    S3 X6va006;X6va006;C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [2012-3-17 17192]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-9-22 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-08-08 02:03:11 2775552 ----a-w- C:\Windows\System32\win32k.sys
    2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-31 14:17:31 17833472 ----a-w- C:\Windows\System32\mshtml.dll
    2013-07-31 13:42:12 10926080 ----a-w- C:\Windows\System32\ieframe.dll
    2013-07-31 13:29:19 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-07-31 13:20:02 1346560 ----a-w- C:\Windows\System32\urlmon.dll
    2013-07-31 13:19:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-07-31 13:18:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-07-31 13:17:24 237056 ----a-w- C:\Windows\System32\url.dll
    2013-07-31 13:16:12 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2013-07-31 13:14:29 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-07-31 13:13:07 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-07-31 13:13:05 816640 ----a-w- C:\Windows\System32\jscript.dll
    2013-07-31 13:11:46 2147840 ----a-w- C:\Windows\System32\iertutil.dll
    2013-07-31 13:11:41 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2013-07-31 13:09:35 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2013-07-31 13:08:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-07-31 13:05:14 248320 ----a-w- C:\Windows\System32\ieui.dll
    2013-07-31 10:30:56 12335104 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2013-07-31 10:05:18 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2013-07-31 10:00:20 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-07-31 09:53:17 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2013-07-31 09:52:44 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-07-31 09:52:34 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-07-31 09:51:29 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2013-07-31 09:49:58 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2013-07-31 09:48:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-07-31 09:48:28 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2013-07-31 09:48:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-07-31 09:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2013-07-31 09:46:37 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2013-07-31 09:45:59 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2013-07-31 09:45:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-07-31 09:42:36 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-07-16 09:25:53 689152 ----a-w- C:\Windows\System32\themeui.dll
    2013-07-16 04:35:16 615936 ----a-w- C:\Windows\SysWow64\themeui.dll
    2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll
    2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll
    2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll
    2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll
    2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe
    2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-06-15 13:27:51 20480 ----a-w- C:\Windows\System32\icaapi.dll
    2013-06-15 11:38:39 29184 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    2010-08-03 17:11:16 819200 --sha-w- C:\Windows\SysWOW64\xvidcore.dll
    2010-08-03 17:11:16 180224 --sha-w- C:\Windows\SysWOW64\xvidvfw.dll
    .
    ============= FINISH: 7:05:00.82 ===============
  3. squall23


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    .
    Motherboard: PEGATRON CORPORATION | | Benicia
    Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | CPU 1 | 2666/267mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 687 GiB total, 2.154 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.504 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    J: is Removable
    K: is CDROM ()
    L: is CDROM ()
    M: is CDROM ()
    O: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: eHome Infrared Receiver (USBCIR)
    Device ID: USB\VID_147A&PID_E018&MI_00\7&314A0B6A&3&0000
    Manufacturer: Microsoft
    Name: eHome Infrared Receiver (USBCIR)
    PNP Device ID: USB\VID_147A&PID_E018&MI_00\7&314A0B6A&3&0000
    Service: usbcir
    .
    Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Description: A2IW4ESM IDE Controller
    Device ID: ACPI\PNPA000\4&5D18F2DF&0
    Manufacturer: (Standard mass storage controllers)
    Name: A2IW4ESM IDE Controller
    PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
    Service: akqkhlxh
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: Consumer IR Devices
    Device ID: ROOT\SYSTEM\0001
    Manufacturer: Microsoft
    Name: Consumer IR Devices
    PNP Device ID: ROOT\SYSTEM\0001
    Service: circlass
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    115UDown
    7-Zip 4.65 (x64 edition)
    7-Zip 9.20
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.2
    Adobe Shockwave Player 11.5
    Age of Empires III: Complete Collection
    Aion
    AirMech
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Alienware TactX(TM) Mouse CI 1.00
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    Any Video Converter 5 5.0.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Assassin's Creed Revelations
    Audacity 1.2.6
    Audiosurf
    AVG 2012
    Bandisoft MPEG-1 Decoder
    Battlelog Web Plugins
    Beat Hazard
    BIT.TRIP RUNNER (remove only)
    BitComet 1.14
    BitComet 1.31 64-bit
    Bonjour
    Call of Juarez The Cartel
    Capsule
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Cheat Engine 5.5
    Cheat Engine 5.6.1
    Cheat Engine 6.2
    CloneDVD2
    Combined Community Codec Pack 2011-07-30
    Command Center
    Compatibility Pack for the 2007 Office system
    Counter-Strike: Source
    Cucusoft YouTube Mate 7.18
    CyberLink DVD Suite Deluxe
    CyberLink PowerDirector
    D3DX10
    DAEMON Tools Lite
    Dark Souls Prepare to Die Edition
    Dark Souls Prepare To Die Edition version 5.1
    Dell Voice
    DH Mobility Modder.NET
    Diner Dash 2
    DiskAid 4.11
    Divinity: Dragon Commander
    Download Manager 2.3.6
    Driver San Francisco
    Driver Sweeper version 3.2.0
    Dual-Core Optimizer
    Enhanced Multimedia Keyboard Solution
    ESN Sonar
    Fable III
    Far Cry 3
    FlashGet 1.9.6.1073
    Free AVI MPEG WMV MP4 FLV Video Joiner 5.0.2
    Free Video Joiner 1.1
    FreeArc 0.666
    FreeOnlineRadioPlayerRecorder Toolbar
    Freez FLV to MP3 Converter
    Game Dev Tycoon DEMO version 1.0.1
    Game Dev Tycoon v1.3.2 (c) Greenheart Games version 1
    GamersFirst LIVE!
    GenesisAD_Setup
    GOM Player
    GOMTV Streamer
    Google Earth Plug-in
    Google Update Helper
    GrandDog Run Time System V1.0.35
    Hamachi 1.0.3.0
    Hardware Diagnostic Tools
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hex Workshop v6
    HF pAppLoc version 1.0
    Hi-Rez Studios Authenticate and Update Service
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotspot Shield 2.65
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Easy Setup - Frontend
    HP Picasso Media Center Add-In
    HP Total Care Advisor
    HP Update
    HuxleyTheDystopia
    iFunbox (v2.6.2375.747), iFunbox DevTeam
    ijji Auto Installer
    ILLUSION@ƒWƒ“ƒRƒEƒKƒNƒGƒ“ ‚«‚á‚ç‚ß‚¢‚
    ImgBurn
    Intel(R) Matrix Storage Manager
    iPhone Explorer 2.102
    iTunes
    Java 7 Update 13
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) SE Runtime Environment 6 Update 1
    JDownloader 2
    LabelPrint
    League of Legends
    Left 4 Dead 2 Add-on Support
    LightScribe System Software 1.12.37.1
    LightScribeTemplateLabeler
    Malwarebytes Anti-Malware version 1.75.0.1300
    Max Payne 3
    MD5 Checker version 4.0.0
    Mega Manager
    MegaTrainer eXperience V1.1.1.1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 60 day trial
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    Microsoft Windows Application Compatibility Database
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    MIKSOFT Mobile AMR converter
    MKVtoolnix 4.7.0
    MotioninJoy Gamepad tool 0.7.1001
    Mozilla Firefox 7.0.1 (x86 en-GB)
    MP3 Skype Recorder
    Mp3tag v2.49
    MSVC80_x64_v2
    MSVC80_x86_v2
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    Natural Selection 2
    NCsoft Launcher
    Neffy 1,2,4,0
    Nexon Game Manager
    Nitronic Rush (2011-11-11) version 20111111.0
    Nokia Connectivity Cable Driver
    Notepad++
    NVIDIA Drivers
    NVIDIA PhysX
    OGPlanet Game Launcher
    OpenAL
    Origin
    Paint.NET v3.5.6
    Pando Media Booster
    PC Connectivity Solution
    PCSX2 - Playstation 2 Emulator
    Pcsx2 0.9.6
    Pcsx2 Cheat converter
    piaip AppLocale
    PlanetSide 2
    plist Editor Pro 2.0.0
    PlugLink 9650 Utility
    Poker Night 2
    Power2Go
    PS3 Cheats Editor
    PunkBuster Services
    Python 2.5
    QuickTime
    RadeonPro 1.0 (Build 1.1.0.6)
    RapidLinkConverter
    RaySource 2.1.10.8366
    REACTOR
    Real Alternative 2.0.0
    Realtek High Definition Audio Driver
    Recettear: An Item Shop's Tale
    Recettear: An Item Shop's Tale - Demo
    redist
    RoboForm 7-7-4 (All Users)
    Rockstar Games Social Club
    SD Gundam Capsule Fighter
    Search Protect by conduit
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
    Segoe UI
    Skype Toolbars
    Skype? 6.3
    Soft Data Fax Modem with SmartCP
    Sonic and All Stars Racing Transformed (c) SEGA version 1
    Sony Ericsson DRM Packager 1.35
    Source SDK Base 2007
    Spybot - Search & Destroy
    StarCraft II
    Steam
    Super Street Fighter IV: Arcade Edition
    SWF Opener
    Team Fortress 2
    The Sims? 3
    The Sims? 3 Late Night
    The Sims? 3 Master Suite Stuff
    The Witcher 2
    Tom Clancy's Ghost Recon Future Soldier
    Ubisoft Game Launcher
    Ultimate Knight ƒEƒBƒ“ƒ_ƒ€XP
    Unity Web Player
    Universal Document Converter (Demo)
    UnLock Root 3.1.1
    UnLock Root Pro 3.41
    UNO - Undercover
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Uplay
    URL Snooper v2.29.01
    Ventrilo Client for Windows x64
    VirtualCloneDrive
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.0.5
    VueScan
    Wajam
    Warcraft III
    Warcraft III: All Products
    Waterfox
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinPcap 4.1.2
    WinRAR archiver
    WinSCP 4.3.2
    WMPTagSupportExtender
    Xilisoft Download YouTube Video
    Xilisoft YouTube Video Converter
    Xiph.Org Open Codecs 0.85.17777
    Yahoo! Messenger
    Yahoo! Toolbar
    ƒcƒSƒEƒmƒCƒC”ޏ—ƒ^ƒ`
    ‰Š‚Ì›s‚Ü‚¹‚¨‚Á‚Ï‚¢“û“¯‹‰¶
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/09/2013 6:46:06 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    11/09/2013 6:45:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 ElbyCDIO spldr Wanarpv6
    11/09/2013 6:45:13 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/09/2013 6:44:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/09/2013 6:44:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/09/2013 6:44:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/09/2013 6:43:45 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    11/09/2013 6:42:21 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.
    11/09/2013 6:10:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/09/2013 5:13:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/09/2013 5:09:46 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC ElbyCDIO HssDRV6 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/09/2013 5:08:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/09/2013 5:08:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/09/2013 5:08:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    11/09/2013 3:06:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    11/09/2013 3:06:46 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/09/2013 3:01:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/09/2013 6:05:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    10/09/2013 6:05:11 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/09/2013 4:17:50 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
    10/09/2013 4:14:21 PM, Error: Service Control Manager [7001] - The NVIDIA Display Driver Service service depends on the nvlddmkm service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/09/2013 4:13:24 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    08/09/2013 5:28:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    07/09/2013 3:59:43 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80004005
    07/09/2013 3:59:34 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/09/2013 3:59:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    07/09/2013 3:59:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    07/09/2013 3:58:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    07/09/2013 3:58:28 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
    Thank you in advance for your time.
  4. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
  5. squall23

    squall23 Newcomer, in training Topic Starter Posts: 43

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
    Ran by Bernard (administrator) on BERNARD-PC on 11-09-2013 18:09:55
    Running from O:\anti virus
    Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Safe Mode (minimal)

    ==================== Processes (Whitelisted) =================

    (AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avgmfapx.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)
    HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    HKLM\...\Run: [IAAnotif] - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
    HKLM\...\Run: [AlienFX Controller] - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [57672 2009-05-20] (Alienware Corporation)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-04-22] (Logitech, Inc.)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
    HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKCU\...\Run: [igndlm.exe] - C:\Download Manager\dlm.exe [1103216 2009-05-14] (IGN Entertainment)
    HKCU\...\Run: [PlayNC Launcher] - [x]
    HKCU\...\Run: [KiesHelper] - C:\Samsung\Kies\KiesHelper.exe /s
    HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
    HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [108136 2012-03-15] (Siber Systems)
    HKCU\...\Run: [DAEMON Tools Lite] - "C:\DAEMON Tools Lite\DTLite.exe" -autorun
    HKCU\...\Run: [SearchProtect] - C:\Users\Bernard\AppData\Roaming\SearchProtect\bin\cltmng.exe [2731296 2013-03-06] (Conduit)
    HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
    MountPoints2: {442fb762-9425-11de-aae1-001fc65f3688} - K:\Autorun.exe
    MountPoints2: {5447d0ef-c663-11de-9e46-001fc65f3688} - F:\Seagate\Installer\InstallSeagateManager.exe
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [AVG_TRAY] - C:\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2731296 2013-03-06] (Conduit)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - C:\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972128 2008-04-14] (Hewlett-Packard)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972128 2008-04-14] (Hewlett-Packard)
    Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk
    ShortcutTarget: Kuma_Tray.lnk -> C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe ()
    Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
    ShortcutTarget: ViiKiiDesktopPlugin.lnk -> C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe (No File)
    BootExecute: autocheck autochk * C:\AVG\AVG2012\avgrsa.exe /sync /restart

    ==================== Internet (Whitelisted) ====================

    ProxyServer: http=183.181.25.248:80
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    URLSearchHook: (No Name) - {f999a48b-1950-4d81-9971-79018f807b4b} - No File
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM - DefaultScope {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    SearchScopes: HKLM - {57392D2C-8F82-478C-994D-0C0D9FB35D6C} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
    SearchScopes: HKLM - {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    SearchScopes: HKLM-x32 - DefaultScope {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    SearchScopes: HKLM-x32 - {57392D2C-8F82-478C-994D-0C0D9FB35D6C} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
    SearchScopes: HKLM-x32 - {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    SearchScopes: HKCU - DefaultScope {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKCU - {4BA2EC92-8370-4335-A0BB-F13F0820BEFC} URL = http://flvdirect.iamwired.net/websearch.php?src=tops&search={SearchTerms}
    SearchScopes: HKCU - {57392D2C-8F82-478C-994D-0C0D9FB35D6C} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
    SearchScopes: HKCU - {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    SearchScopes: HKCU - {6E156CB0-82F2-47D1-A6D2-471A6EF0DB3B} URL = http://search.conduit.com/ResultsEx...4&ctid=CT2737658&CUI=UN14051505662315168&UM=2
    BHO: No Name - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No File
    BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
    BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO-x32: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll (www.flashget.com)
    BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    BHO-x32: 3F2D81A2-AB9C-DA82-039C-33E7BC2362D3 Class - {3F2D81A2-AB9C-DA82-039C-33E7BC2362D3} - C:\Thunder Network\Thunder\BBInside\{3F2D81A2-AB9C-DA82-039C-33E7BC2362D3}\AddressBar.dll No File
    BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: No Name - {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
    BHO-x32: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Megaupload\Mega Manager\MegaIEMn.dll No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\FlashGet\getflash.dll (www.flashget.com)
    BHO-x32: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
    BHO-x32: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    Toolbar: HKLM-x32 - FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} - No File
    DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/stg_drm.ocx
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/armhelper.ocx
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)

    Hosts: Hosts file not detected in the default directory
    Tcpip\..\Interfaces\{1E2774A5-2766-4D2A-9844-B884397420A9}: [NameServer]208.67.222.222,208.67.220.220

    FireFox:
    ========
    FF ProfilePath: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default
    FF user.js: detected! => C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\user.js
    FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
    FF NetworkProxy: "type", 2
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
    FF Plugin-x32: @esn/esnlaunch,version=0.80.0 - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
    FF Plugin-x32: @fileplanet.com/fpdlm - C:\Download Manager\npfpdlm.dll (IGN Entertainment)
    FF Plugin-x32: @gamersfirst.com/LiveLauncher - C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File
    FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin-x32: Nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @xunlei.com/npxluser - C:\Thunder Network\Thunder\BHO\xluser\npxluser.dll No File
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Bernard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: @xunlei.com/npxluser - C:\Thunder Network\Thunder\BHO\xluser\npxluser.dll No File
    FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF SearchPlugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\anime-news-network.xml
    FF SearchPlugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\dictionarycom.xml
    FF SearchPlugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\youtube-video-search.xml
    FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\CSWebLauncher@cyberstep.com
    FF Extension: Microsoft .NET Framework Assistant - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF Extension: NeffyPlugin Launcher - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}
    FF Extension: GameFOX - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
    FF Extension: BitComet 视频下载器 - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF Extension: Cookies Manager+ - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
    FF Extension: firefox - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\firefox@mega.co.nz.xpi
    FF Extension: mediahint - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\mediahint@jetpack.xpi
    FF Extension: SQLiteManager - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
    FF Extension: uriloader - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\uriloader@pdf.js.xpi
    FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
    FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
    FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\AVG\AVG2012\Firefox4\
    FF Extension: AVG Safe Search - C:\AVG\AVG2012\Firefox4\
    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\AVG\AVG2012\Firefox\DoNotTrack\
    FF Extension: AVG Do Not Track - C:\AVG\AVG2012\Firefox\DoNotTrack\
    FF HKCU\...\Firefox\Extensions: [{6FACD0C3-EF9B-4F52-94DB-6E745D1116A0}] - C:\Users\Bernard\AppData\Local\{6FACD0C3-EF9B-4F52-94DB-6E745D1116A0}
    FF Extension: XULRunner - C:\Users\Bernard\AppData\Local\{6FACD0C3-EF9B-4F52-94DB-6E745D1116A0}
    FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    FF Extension: No Name - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Bernard\AppData\Roaming\IDM\idmmzcc5
    FF StartMenuInternet: FIREFOX.EXE - firefox.exe

    ==================== Services (Whitelisted) =================

    S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
    S2 AVGIDSAgent; C:\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    S3 BITCOMET_HELPER_SERVICE; C:\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
    S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
    S2 HPBtnSrv; c:\hp\HPEZBTN\HPBtnSrv.exe [198240 2007-05-29] ()
    S2 hshld; C:\Hotspot Shield\bin\openvpnas.exe [474992 2012-07-24] ()
    S2 HssSrv; C:\Hotspot Shield\HssWPR\hsssrv.exe [404848 2012-07-24] (AnchorFree Inc.)
    S3 HssTrayService; C:\Hotspot Shield\bin\HssTrayService.EXE [78072 2012-07-24] ()
    S2 HssWd; C:\Hotspot Shield\bin\hsswd.exe [387440 2012-07-24] ()
    S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3549696 2010-05-25] (INCA Internet Co., Ltd.)
    S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-04] ()
    S2 RadeonPro Support Service; C:\RadeonPro\RadeonProSupport.exe [12800 2011-02-10] (Mr. John aka japamd)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
    S2 SBSDWSCService; C:\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-07-26] (Wajam)

    ==================== Drivers (Whitelisted) ====================

    S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-10-02] ()
    S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
    S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
    S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-02-23] (DT Soft Ltd)
    S2 HOSTNT; C:\Windows\system32\drivers\hostnt.sys [13864 2012-05-13] (SafeNet, Inc.)
    S2 HOSTNT; C:\Windows\system32\drivers\hostnt.sys [13864 2012-05-13] (SafeNet, Inc.)
    S3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1487872 2008-05-08] (Conexant Systems, Inc.)
    S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-07-24] (AnchorFree Inc.)
    S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-10-01] ()
    S3 ncvet.dll; C:\Windows\Temp\ncvet.dll [24144 2011-09-14] (Beijing Joychina Network Technologies Co., Ltd.)
    S3 ncvet.dll; C:\Windows\Temp\ncvet.dll [24144 2011-09-14] (Beijing Joychina Network Technologies Co., Ltd.)
    S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2009-10-06] (Nokia)
    S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18944 2009-10-06] (Nokia)
    S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
    S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
    S3 PLCNDIS5; C:\Windows\SysWow64\PLCNDIS5.SYS [17280 2004-04-26] (Intellon, Inc.)
    R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-08-28] ()
    S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2009-10-06] (Nokia)
    S3 X6va006; C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [17192 2012-03-17] ()
    S3 X6va006; C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [17192 2012-03-17] ()
    S2 YLMFVDISK; C:\Windows\System32\drivers\VirtDisk64.sys [23896 2011-12-08] ()
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
    S3 dump_wmimmc; \??\C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 PLCMPR5; \??\C:\Windows\system32\PLCMPR5.SYS [x]
    S3 PLCNDIS5; \??\C:\Windows\system32\PLCNDIS5.SYS [x]
    S3 X6va002; \??\C:\Users\Bernard\AppData\Local\Temp\002E129.tmp [x]
    S3 X6va005; \??\C:\Users\Bernard\AppData\Local\Temp\005B0D0.tmp [x]
    S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
    U3 aswMBR; \??\C:\Users\Bernard\AppData\Local\Temp\aswMBR.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-09-11 18:08 - 2013-09-11 18:08 - 00000758 _____ C:\Users\Bernard\Desktop\avgremover.log
    2013-09-11 18:08 - 2013-09-11 18:08 - 00000000 ____D C:\FRST
    2013-09-11 18:02 - 2013-09-11 18:03 - 00000000 ___SD C:\ComboFix
    2013-09-11 17:57 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
    2013-09-11 17:57 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
    2013-09-11 17:57 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2013-09-11 17:57 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2013-09-11 17:57 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2013-09-11 17:57 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
    2013-09-11 17:57 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
    2013-09-11 17:57 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
    2013-09-11 17:49 - 2013-09-11 17:57 - 00000000 ____D C:\Qoobox
    2013-09-11 17:48 - 2013-09-11 17:48 - 00000000 ____D C:\Windows\erdnt
    2013-09-11 17:42 - 2013-09-11 19:28 - 05124599 ____R (Swearware) C:\Users\Bernard\Desktop\ComboFix.exe
    2013-09-11 07:05 - 2013-09-11 07:05 - 00026004 _____ C:\Users\Bernard\Desktop\attach.txt
    2013-09-11 07:05 - 2013-09-11 07:05 - 00024352 _____ C:\Users\Bernard\Desktop\dds.txt
    2013-09-11 07:00 - 2013-09-11 17:48 - 00000000 ____D C:\anti virus
    2013-09-11 06:10 - 2013-09-11 06:10 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Malwarebytes
    2013-09-11 06:09 - 2013-09-11 06:09 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-09-11 06:09 - 2013-09-11 06:09 - 00000000 ____D C:\Malwarebytes' Anti-Malware
    2013-09-11 06:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-09-11 05:33 - 2013-09-11 05:33 - 00000000 ____D C:\Users\Bernard\Documents\HTST - Copy
    2013-09-11 03:04 - 2013-07-31 08:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-09-11 03:04 - 2013-07-31 07:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-09-11 03:04 - 2013-07-31 07:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-09-11 03:04 - 2013-07-31 07:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-09-11 03:04 - 2013-07-31 07:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-09-11 03:04 - 2013-07-31 07:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-09-11 03:04 - 2013-07-31 07:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-09-11 03:04 - 2013-07-31 07:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-09-11 03:04 - 2013-07-31 07:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-09-11 03:04 - 2013-07-31 07:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-09-11 03:04 - 2013-07-31 07:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2013-09-11 03:04 - 2013-07-31 07:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-09-11 03:04 - 2013-07-31 07:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-09-11 03:04 - 2013-07-31 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-09-11 03:04 - 2013-07-31 07:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-09-11 03:04 - 2013-07-31 07:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-09-11 03:04 - 2013-07-31 04:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-09-11 03:04 - 2013-07-31 04:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-09-11 03:04 - 2013-07-31 04:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-09-11 03:04 - 2013-07-31 03:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-09-11 03:04 - 2013-07-31 03:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-09-11 03:04 - 2013-07-31 03:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-09-11 03:04 - 2013-07-31 03:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-09-11 03:04 - 2013-07-31 03:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-09-11 03:04 - 2013-07-31 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-09-11 03:04 - 2013-07-31 03:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-09-11 03:04 - 2013-07-31 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-09-11 03:04 - 2013-07-31 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-09-11 03:04 - 2013-07-31 03:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-09-11 03:04 - 2013-07-31 03:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-09-11 03:04 - 2013-07-31 03:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-09-11 03:04 - 2013-07-31 03:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-09-10 21:55 - 2013-08-07 20:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-09-10 21:55 - 2013-07-16 03:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
    2013-09-10 21:55 - 2013-07-15 22:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
    2013-09-08 23:56 - 2013-09-08 23:56 - 00000000 ____D C:\Users\Bernard\Documents\Larian Studios
    2013-09-08 23:48 - 2013-09-08 23:48 - 00372488 _____ C:\Users\Bernard\AppData\Local\dd_vcredistMSI3AEB.txt
    2013-09-08 23:48 - 2013-09-08 23:48 - 00011462 _____ C:\Users\Bernard\AppData\Local\dd_vcredistUI3AEB.txt
    2013-09-08 23:29 - 2013-09-09 17:10 - 00000000 ____D C:\Divinity Dragon Commander
    2013-08-27 19:29 - 2013-08-02 08:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2013-08-27 19:29 - 2013-08-01 22:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2013-08-13 23:30 - 2013-07-17 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2013-08-13 23:30 - 2013-07-17 13:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-08-13 23:30 - 2013-07-10 03:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2013-08-13 23:30 - 2013-07-10 03:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2013-08-13 23:30 - 2013-07-09 06:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2013-08-13 23:30 - 2013-07-09 06:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-08-13 23:30 - 2013-07-07 22:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2013-08-13 23:30 - 2013-07-07 22:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2013-08-13 23:30 - 2013-07-07 22:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-08-13 23:30 - 2013-07-07 22:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-08-13 23:30 - 2013-07-07 22:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-08-13 23:30 - 2013-07-07 22:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-08-13 23:30 - 2013-07-07 22:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-08-13 23:30 - 2013-07-07 22:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2013-08-13 23:30 - 2013-07-07 22:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2013-08-13 23:30 - 2013-07-07 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2013-08-13 23:30 - 2013-07-07 22:12 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2013-08-13 23:30 - 2013-07-07 22:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2013-08-13 23:30 - 2013-07-07 22:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2013-08-13 23:30 - 2013-07-07 19:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-08-13 23:30 - 2013-07-07 19:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-08-13 23:30 - 2013-07-07 19:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-08-13 23:30 - 2013-07-04 22:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2013-08-13 23:30 - 2013-06-15 07:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2013-08-13 23:30 - 2013-06-15 05:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

    ==================== One Month Modified Files and Folders =======

    2013-09-11 19:28 - 2013-09-11 17:42 - 05124599 ____R (Swearware) C:\Users\Bernard\Desktop\ComboFix.exe
    2013-09-11 18:08 - 2013-09-11 18:08 - 00000758 _____ C:\Users\Bernard\Desktop\avgremover.log
    2013-09-11 18:08 - 2013-09-11 18:08 - 00000000 ____D C:\FRST
    2013-09-11 18:03 - 2013-09-11 18:02 - 00000000 ___SD C:\ComboFix
    2013-09-11 17:57 - 2013-09-11 17:49 - 00000000 ____D C:\Qoobox
    2013-09-11 17:48 - 2013-09-11 17:48 - 00000000 ____D C:\Windows\erdnt
    2013-09-11 17:48 - 2013-09-11 07:00 - 00000000 ____D C:\anti virus
    2013-09-11 08:06 - 2009-08-10 21:25 - 00000732 _____ C:\Users\Bernard\AppData\Local\d3d9caps64.dat
    2013-09-11 07:23 - 2010-11-13 15:33 - 00002032 _____ C:\Users\Bernard\AppData\Local\d3d9caps.dat
    2013-09-11 07:23 - 2010-06-19 04:31 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\vlc
    2013-09-11 07:05 - 2013-09-11 07:05 - 00026004 _____ C:\Users\Bernard\Desktop\attach.txt
    2013-09-11 07:05 - 2013-09-11 07:05 - 00024352 _____ C:\Users\Bernard\Desktop\dds.txt
    2013-09-11 06:41 - 2008-01-20 21:26 - 00246110 _____ C:\Windows\PFRO.log
    2013-09-11 06:37 - 2009-08-10 21:31 - 00000000 ___RD C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2013-09-11 06:10 - 2013-09-11 06:10 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Malwarebytes
    2013-09-11 06:09 - 2013-09-11 06:09 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-09-11 06:09 - 2013-09-11 06:09 - 00000000 ____D C:\Malwarebytes' Anti-Malware
    2013-09-11 06:02 - 2009-08-10 23:31 - 00000000 ____D C:\Program Installers
    2013-09-11 05:33 - 2013-09-11 05:33 - 00000000 ____D C:\Users\Bernard\Documents\HTST - Copy
    2013-09-11 05:13 - 2009-08-10 21:18 - 01245360 _____ C:\Windows\WindowsUpdate.log
    2013-09-11 05:08 - 2006-11-02 09:21 - 00411064 _____ C:\Windows\system32\FNTCACHE.DAT
    2013-09-11 03:23 - 2006-11-02 09:42 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-09-11 03:23 - 2006-11-02 09:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-09-11 03:23 - 2006-11-02 09:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-09-11 03:23 - 2006-11-02 09:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-09-11 03:20 - 2009-08-11 01:31 - 00000000 ____D C:\BitComet
    2013-09-11 03:06 - 2009-09-13 20:57 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-09-11 02:52 - 2010-05-27 04:06 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-09-11 02:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At3.job
    2013-09-11 01:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At2.job
    2013-09-11 00:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At1.job
    2013-09-10 23:46 - 2009-08-12 02:00 - 00000000 ____D C:\Clips
    2013-09-10 23:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At24.job
    2013-09-10 22:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At23.job
    2013-09-10 21:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At22.job
    2013-09-10 20:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At21.job
    2013-09-10 19:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At20.job
    2013-09-10 18:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At19.job
    2013-09-10 18:27 - 2012-02-25 00:32 - 00000000 ____D C:\Windows\system32\Drivers\AVG
    2013-09-10 18:05 - 2009-08-11 23:22 - 00000000 ____D C:\Steam
    2013-09-10 17:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At18.job
    2013-09-10 16:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At17.job
    2013-09-10 16:12 - 2011-07-29 02:21 - 00000310 ___SH C:\Windows\Tasks\Tkjhljntu.job
    2013-09-10 16:12 - 2010-05-27 04:06 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-09-10 06:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At7.job
    2013-09-10 05:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At6.job
    2013-09-10 04:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At5.job
    2013-09-10 03:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At4.job
    2013-09-09 17:10 - 2013-09-08 23:29 - 00000000 ____D C:\Divinity Dragon Commander
    2013-09-09 04:52 - 2009-12-21 02:47 - 00000000 ____D C:\Movies
    2013-09-09 02:36 - 2006-11-02 06:46 - 00777444 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-09-09 02:28 - 2009-08-11 01:32 - 00000000 ____D C:\Torrents
    2013-09-09 00:55 - 2009-08-10 23:32 - 00000000 ____D C:\Mozilla Firefox
    2013-09-08 23:56 - 2013-09-08 23:56 - 00000000 ____D C:\Users\Bernard\Documents\Larian Studios
    2013-09-08 23:48 - 2013-09-08 23:48 - 00372488 _____ C:\Users\Bernard\AppData\Local\dd_vcredistMSI3AEB.txt
    2013-09-08 23:48 - 2013-09-08 23:48 - 00011462 _____ C:\Users\Bernard\AppData\Local\dd_vcredistUI3AEB.txt
    2013-09-08 23:47 - 2009-08-11 19:07 - 01084497 _____ C:\Windows\DirectX.log
    2013-09-08 23:01 - 2009-08-11 15:21 - 00000000 ____D C:\Games
    2013-09-08 07:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At8.job
    2013-09-07 19:35 - 2013-02-16 02:13 - 00000000 ____D C:\Strike Suit Zero
    2013-09-07 19:32 - 2008-05-12 12:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-09-07 18:55 - 2009-08-12 02:01 - 00022016 _____ C:\Users\Bernard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-09-07 18:51 - 2011-07-18 01:32 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\dvdcss
    2013-09-06 17:47 - 2010-12-05 18:47 - 00000000 ____D C:\Users\Bernard\AppData\Local\Paint.NET
    2013-09-03 15:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At16.job
    2013-09-03 14:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At15.job
    2013-08-31 01:18 - 2010-03-03 01:14 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Skype
    2013-08-30 14:45 - 2006-11-02 09:27 - 00156805 _____ C:\Windows\setupact.log
    2013-08-30 02:00 - 2009-08-11 04:48 - 00000000 ____D C:\Anime
    2013-08-22 23:11 - 2013-03-12 22:40 - 00000000 _____ C:\END
    2013-08-19 07:11 - 2010-10-21 01:05 - 00000000 ____D C:\ipad
    2013-08-17 18:42 - 2013-03-27 19:27 - 00002359 _____ C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Skype Recorder.lnk
    2013-08-14 03:47 - 2006-11-02 07:33 - 00000000 ____D C:\Windows\rescache

    ZeroAccess:
    C:\Users\Bernard\AppData\Local\89531bfe
    C:\Users\Bernard\AppData\Local\89531bfe\@

    ZeroAccess:
    C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}
    C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\@
    C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\U\00000001.@
    C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\U\80000000.@
    C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\U\800000cb.@

    Files to move or delete:
    ====================
    C:\ProgramData\0tbpw.pad
    C:\ProgramData\hash.dat
    C:\Users\Bernard\AppData\Local\Temp\12-6-legacy_vista_win7_64_dd_ccc.exe
    C:\Users\Bernard\AppData\Local\Temp\539E36B.exe
    C:\Users\Bernard\AppData\Local\Temp\715D609.exe
    C:\Users\Bernard\AppData\Local\Temp\7za.exe
    C:\Users\Bernard\AppData\Local\Temp\AdbWinApi.dll
    C:\Users\Bernard\AppData\Local\Temp\AdbWinUsbApi.dll
    C:\Users\Bernard\AppData\Local\Temp\AskInstallChecker-1.4.0.0.exe
    C:\Users\Bernard\AppData\Local\Temp\AskPIP_FF_.exe
    C:\Users\Bernard\AppData\Local\Temp\askToolbarInstaller.exe
    C:\Users\Bernard\AppData\Local\Temp\bdfilters.dll
    C:\Users\Bernard\AppData\Local\Temp\Bit1D1D.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit2059.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit20B4.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit2ECA.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit377E.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit4BB6.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit5690.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit5D5B.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit6322.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit8E64.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\BitA2B1.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\BitB328.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\BitC938.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\BitCDA7.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\BitD38.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\BitD70A.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\CH.dll
    C:\Users\Bernard\AppData\Local\Temp\conduitinstaller.exe
    C:\Users\Bernard\AppData\Local\Temp\Copy.dll
    C:\Users\Bernard\AppData\Local\Temp\Coupon-Caddy-ppi-MULTI.exe
    C:\Users\Bernard\AppData\Local\Temp\DLBT.dll
    C:\Users\Bernard\AppData\Local\Temp\dl_peer_id.dll
    C:\Users\Bernard\AppData\Local\Temp\Dragons Dogma - Editor.exe
    C:\Users\Bernard\AppData\Local\Temp\Execute2App.exe
    C:\Users\Bernard\AppData\Local\Temp\Fault_inst.exe
    C:\Users\Bernard\AppData\Local\Temp\FJ_Downloader.exe
    C:\Users\Bernard\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
    C:\Users\Bernard\AppData\Local\Temp\GomEncDnInstaller.exe
    C:\Users\Bernard\AppData\Local\Temp\gtapi.dll
    C:\Users\Bernard\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
    C:\Users\Bernard\AppData\Local\Temp\HiRezLauncherControls.dll
    C:\Users\Bernard\AppData\Local\Temp\HOMEFRONT(1).exe
    C:\Users\Bernard\AppData\Local\Temp\Hotspot_Shield.exe
    C:\Users\Bernard\AppData\Local\Temp\inst.exe
    C:\Users\Bernard\AppData\Local\Temp\installerdll34682579.dll
    C:\Users\Bernard\AppData\Local\Temp\installerdll34684903.dll
    C:\Users\Bernard\AppData\Local\Temp\installerdll34691861.dll
    C:\Users\Bernard\AppData\Local\Temp\installerdll6410205.dll
    C:\Users\Bernard\AppData\Local\Temp\installerdll6423091.dll
    C:\Users\Bernard\AppData\Local\Temp\InstallFlashPlayer.exe
    C:\Users\Bernard\AppData\Local\Temp\InstStub.exe
    C:\Users\Bernard\AppData\Local\Temp\jshortcut-1610750577578842815.dll
    C:\Users\Bernard\AppData\Local\Temp\Kies2RemoveAll.exe
    C:\Users\Bernard\AppData\Local\Temp\KWI62F0.exe
    C:\Users\Bernard\AppData\Local\Temp\Lng.Dll
    C:\Users\Bernard\AppData\Local\Temp\msvcp90.dll
    C:\Users\Bernard\AppData\Local\Temp\msvcr90.dll
    C:\Users\Bernard\AppData\Local\Temp\MyBabylonTB.exe
    C:\Users\Bernard\AppData\Local\Temp\NEventMessages.dll
    C:\Users\Bernard\AppData\Local\Temp\NGMDll.dll
    C:\Users\Bernard\AppData\Local\Temp\NGMResource.dll
    C:\Users\Bernard\AppData\Local\Temp\NGMSetup.exe
    C:\Users\Bernard\AppData\Local\Temp\nsisdt.dll
    C:\Users\Bernard\AppData\Local\Temp\nsk364D.exe
    C:\Users\Bernard\AppData\Local\Temp\nsp1278.exe
    C:\Users\Bernard\AppData\Local\Temp\nsu2E4B.exe
    C:\Users\Bernard\AppData\Local\Temp\nsuB777.exe
    C:\Users\Bernard\AppData\Local\Temp\Ochibo_DLSetup.exe
    C:\Users\Bernard\AppData\Local\Temp\OneClickRoot_Installer.exe
    C:\Users\Bernard\AppData\Local\Temp\OptimizerPro.exe
    C:\Users\Bernard\AppData\Local\Temp\OriginLauncher34682579.exe
    C:\Users\Bernard\AppData\Local\Temp\ose00000.exe
    C:\Users\Bernard\AppData\Local\Temp\OWE1FEE.exe
    C:\Users\Bernard\AppData\Local\Temp\proxy_vole3838149727586769226.dll
    C:\Users\Bernard\AppData\Local\Temp\PurpleBean.exe
    C:\Users\Bernard\AppData\Local\Temp\QuickShare1.exe
    C:\Users\Bernard\AppData\Local\Temp\rootsupd.exe
    C:\Users\Bernard\AppData\Local\Temp\setup.exe
    C:\Users\Bernard\AppData\Local\Temp\SicheatsTrainer.dll
    C:\Users\Bernard\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Bernard\AppData\Local\Temp\sonarinst.exe
    C:\Users\Bernard\AppData\Local\Temp\SPStub.exe
    C:\Users\Bernard\AppData\Local\Temp\swt-win32-3349.dll
    C:\Users\Bernard\AppData\Local\Temp\tmp24BA.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp3889.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp4690.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp53E9.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp6A09.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp6B7F.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp6EE8.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp848B.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp8508.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp979F.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp9D88.exe
    C:\Users\Bernard\AppData\Local\Temp\tmpF826.exe
    C:\Users\Bernard\AppData\Local\Temp\tmpFF10.exe
    C:\Users\Bernard\AppData\Local\Temp\ubiBAE0.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\unicows.dll
    C:\Users\Bernard\AppData\Local\Temp\Uninstall.exe
    C:\Users\Bernard\AppData\Local\Temp\unlockrootsetup.exe
    C:\Users\Bernard\AppData\Local\Temp\vcredist_x64.exe
    C:\Users\Bernard\AppData\Local\Temp\wajam_install.exe
    C:\Users\Bernard\AppData\Local\Temp\war3_Install.exe
    C:\Users\Bernard\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
    C:\Users\Bernard\AppData\Local\Temp\wlsetup-cvr.exe
    C:\Users\Bernard\AppData\Local\Temp\WMQ37D1.exe
    C:\Users\Bernard\AppData\Local\Temp\woavfvtd.dll
    C:\Users\Bernard\AppData\Local\Temp\xmlUpdater.exe
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At10.job
    C:\Windows\Tasks\At11.job
    C:\Windows\Tasks\At12.job
    C:\Windows\Tasks\At13.job
    C:\Windows\Tasks\At14.job
    C:\Windows\Tasks\At15.job
    C:\Windows\Tasks\At16.job
    C:\Windows\Tasks\At17.job
    C:\Windows\Tasks\At18.job
    C:\Windows\Tasks\At19.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At20.job
    C:\Windows\Tasks\At21.job
    C:\Windows\Tasks\At22.job
    C:\Windows\Tasks\At23.job
    C:\Windows\Tasks\At24.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job
    C:\Windows\Tasks\At5.job
    C:\Windows\Tasks\At6.job
    C:\Windows\Tasks\At7.job
    C:\Windows\Tasks\At8.job
    C:\Windows\Tasks\At9.job

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-09-11 17:43

    ==================== End Of Log ============================
  6. squall23

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013 02
    Ran by Bernard at 2013-09-11 18:10:54
    Running from O:\anti virus
    Boot Mode: Safe Mode (minimal)
    ==========================================================


    ==================== Installed Programs =======================

    Update for Microsoft Office 2007 (KB2508958) (x32)
    115UDown (HKCU Version: 2.4.5.136)
    7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
    7-Zip 9.20 (x32)
    Adobe AIR (x32 Version: 1.5.2.8900)
    Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.149)
    Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.169)
    Adobe Reader 8.1.2 (x32 Version: 8.1.2)
    Adobe Shockwave Player 11.5 (x32 Version: 11.5.2.602)
    Age of Empires III: Complete Collection (x32 Version: 1.0.0000.1)
    Aion (HKCU)
    AirMech (x32)
    Akamai NetSession Interface (HKCU)
    Akamai NetSession Interface Service (x32)
    Alienware TactX(TM) Mouse CI 1.00 (Version: 1.00)
    AMD APP SDK Runtime (Version: 10.0.938.1)
    AMD Catalyst Install Manager (Version: 8.0.891.0)
    Any Video Converter 5 5.0.3 (x32)
    Apple Application Support (x32 Version: 2.3.3)
    Apple Mobile Device Support (Version: 6.1.0.13)
    Apple Software Update (x32 Version: 2.1.3.127)
    Assassin's Creed Revelations (x32 Version: 1.00)
    Audacity 1.2.6 (x32)
    Audiosurf (x32)
    AVG 2012 (Version: 12.0.3222)
    AVG 2012 (Version: 12.1.2242)
    AVG 2012 (Version: 2012.1.2242)
    Bandisoft MPEG-1 Decoder (x32)
    Battlelog Web Plugins (x32 Version: 0.80.0)
    Beat Hazard (x32)
    BIT.TRIP RUNNER (remove only) (x32 Version: 1.0)
    BitComet 1.14 (x32 Version: 1.14)
    BitComet 1.31 64-bit (x32 Version: 1.31)
    Bonjour (Version: 3.0.0.10)
    Call of Juarez The Cartel (x32)
    Capsule (x32 Version: 1.0.000)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000)
    Catalyst Control Center (x32 Version: 2012.0928.1532.26058)
    Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0928.1532.26058)
    Catalyst Control Center InstallProxy (x32 Version: 2012.0928.1532.26058)
    Catalyst Control Center Localization All (x32 Version: 2012.0928.1532.26058)
    CCC Help Chinese Standard (x32 Version: 2012.0928.1531.26058)
    CCC Help Chinese Traditional (x32 Version: 2012.0928.1531.26058)
    CCC Help Czech (x32 Version: 2012.0928.1531.26058)
    CCC Help Danish (x32 Version: 2012.0928.1531.26058)
    CCC Help Dutch (x32 Version: 2012.0928.1531.26058)
    CCC Help English (x32 Version: 2012.0928.1531.26058)
    CCC Help Finnish (x32 Version: 2012.0928.1531.26058)
    CCC Help French (x32 Version: 2012.0928.1531.26058)
    CCC Help German (x32 Version: 2012.0928.1531.26058)
    CCC Help Greek (x32 Version: 2012.0928.1531.26058)
    CCC Help Hungarian (x32 Version: 2012.0928.1531.26058)
    CCC Help Italian (x32 Version: 2012.0928.1531.26058)
    CCC Help Japanese (x32 Version: 2012.0928.1531.26058)
    CCC Help Korean (x32 Version: 2012.0928.1531.26058)
    CCC Help Norwegian (x32 Version: 2012.0928.1531.26058)
    CCC Help Polish (x32 Version: 2012.0928.1531.26058)
    CCC Help Portuguese (x32 Version: 2012.0928.1531.26058)
    CCC Help Russian (x32 Version: 2012.0928.1531.26058)
    CCC Help Spanish (x32 Version: 2012.0928.1531.26058)
    CCC Help Swedish (x32 Version: 2012.0928.1531.26058)
    CCC Help Thai (x32 Version: 2012.0928.1531.26058)
    CCC Help Turkish (x32 Version: 2012.0928.1531.26058)
    ccc-utility64 (Version: 2012.0928.1532.26058)
    CCleaner (Version: 3.09)
    Cheat Engine 5.5 (x32)
    Cheat Engine 5.6.1 (x32)
    Cheat Engine 6.2 (x32)
    CloneDVD2 (x32 Version: 2.9.2.8)
    Combined Community Codec Pack 2011-07-30 (x32 Version: 2011.07.30.0)
    Command Center (Version: 2.0.7.0)
    Command Center (x32)
    Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
    Counter-Strike: Source (x32)
    Cucusoft YouTube Mate 7.18 (x32)
    CyberLink DVD Suite Deluxe (x32 Version: 5.5.1329)
    CyberLink PowerDirector (x32 Version: 6.5.2726)
    D3DX10 (x32 Version: 15.4.2368.0902)
    DAEMON Tools Lite (x32 Version: 4.40.2.0131)
    Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130)
    Dark Souls Prepare To Die Edition version 5.1 (x32 Version: 5.1)
    Dell Voice (x32 Version: 1.1.1)
    DH Mobility Modder.NET (x32 Version: 1.2.1.0)
    Diner Dash 2 (x32)
    DiskAid 4.11 (x32 Version: 4.11)
    Divinity: Dragon Commander (x32)
    Download Manager 2.3.6 (x32 Version: 2.3.6)
    Driver San Francisco (x32 Version: 1.1.0.0)
    Driver Sweeper version 3.2.0 (x32 Version: 3.2.0)
    Dual-Core Optimizer (x32 Version: 1.1.4.0169)
    Enhanced Multimedia Keyboard Solution (x32)
    ESN Sonar (x32 Version: 0.70.0)
    Fable III (x32 Version: 1.0.0001.131)
    Far Cry 3 (x32 Version: 1.01)
    FlashGet 1.9.6.1073 (x32 Version: 1.9.6.1073)
    Free AVI MPEG WMV MP4 FLV Video Joiner 5.0.2 (x32)
    Free Video Joiner 1.1 (x32)
    FreeArc 0.666 (x32 Version: 0.666)
    FreeOnlineRadioPlayerRecorder Toolbar (x32 Version: 6.11.2.6)
    Freez FLV to MP3 Converter (x32 Version: 1.5)
    Game Dev Tycoon DEMO version 1.0.1 (x32 Version: 1.0.1)
    Game Dev Tycoon v1.3.2 (c) Greenheart Games version 1 (x32 Version: 1)
    GamersFirst LIVE! (x32)
    GenesisAD_Setup (x32 Version: 1.00.0000)
    GOM Player (x32 Version: 2.1.28.5039)
    GOMTV Streamer (x32)
    Google Earth Plug-in (x32 Version: 7.1.1.1888)
    Google Update Helper (x32 Version: 1.3.21.153)
    GrandDog Run Time System V1.0.35 (x32)
    Hamachi 1.0.3.0 (x32)
    Hardware Diagnostic Tools (x32 Version: 5.1.4748.24)
    Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2)
    Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.63.2)
    Hex Workshop v6 (Version: 6.0.1.4603)
    HF pAppLoc version 1.0 (x32 Version: 1.0)
    Hi-Rez Studios Authenticate and Update Service (x32 Version: 3.0.0.0)
    Hotspot Shield 2.65 (x32 Version: 2.65)
    HP Active Support Library (x32 Version: 3.1.0.6)
    HP Customer Experience Enhancements (x32 Version: 5.6.0.2510)
    HP Customer Feedback (x32 Version: 1.0.0)
    HP Easy Setup - Frontend (x32 Version: 5.7.0.2611)
    HP Picasso Media Center Add-In (x32 Version: 1.0.0)
    HP Total Care Advisor (x32 Version: 2.1.3329.2629)
    HP Update (x32 Version: 4.000.007.003)
    HuxleyTheDystopia (x32 Version: 1.00.0000)
    iFunbox (v2.6.2375.747), iFunbox DevTeam (x32 Version: v2.6.2375.747)
    ijji Auto Installer (x32 Version: 1.00.0000)
    ILLUSION ジンコウガクエン きゃらめいく (x32 Version: 1.00.0000)
    ImgBurn (x32 Version: 2.5.1.0)
    Intel(R) Matrix Storage Manager
    iPhone Explorer 2.102 (x32)
    iTunes (Version: 11.0.2.26)
    Java 7 Update 13 (x32 Version: 7.0.130)
    Java Auto Updater (x32 Version: 2.1.9.0)
    Java(TM) 6 Update 23 (x32 Version: 6.0.230)
    Java(TM) SE Runtime Environment 6 Update 1 (x32 Version: 1.6.0.10)
    JDownloader 2 (Version: 2.0)
    LabelPrint (x32 Version: 2.2.2529)
    League of Legends (x32 Version: 1.25.000)
    League of Legends (x32 Version: 1.3)
    Left 4 Dead 2 Add-on Support (x32)
    LightScribe System Software 1.12.37.1 (x32 Version: 1.12.37.1)
    LightScribeTemplateLabeler (x32 Version: 1.10.23.1)
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
    Max Payne 3 (x32 Version: 1.0.0.0)
    MD5 Checker version 4.0.0 (x32)
    Mega Manager (x32 Version: 3.3.04)
    MegaTrainer eXperience V1.1.1.1 (x32)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
    Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
    Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32)
    Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Home and Student 60 day trial
    Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
    Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
    Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Silverlight (x32 Version: 5.1.20513.0)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (Version: 9.0.30411)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
    Microsoft Windows Application Compatibility Database
    Microsoft Works (x32 Version: 9.7.0621)
    Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
    Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
    Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
    MIKSOFT Mobile AMR converter (x32)
    MKVtoolnix 4.7.0 (x32 Version: 4.7.0)
    MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001)
    Mozilla Firefox 7.0.1 (x86 en-GB) (x32 Version: 7.0.1)
    MP3 Skype Recorder (x32 Version: 3.1.3)
    Mp3tag v2.49 (x32 Version: v2.49)
    MSVC80_x64_v2 (Version: 1.0.3.0)
    MSVC80_x86_v2 (x32 Version: 1.0.3.0)
    MSVCRT (x32 Version: 15.4.2862.0708)
    MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0)
    MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
    muvee autoProducer 6.1 (x32 Version: 6.10.050)
    My HP Games (x32 Version: 1.0.0.43)
    Natural Selection 2 (x32)
    NCsoft Launcher (x32 Version: 1.5.4.2)
    Neffy 1,2,4,0 (x32 Version: 1,2,4,0)
    Nexon Game Manager (x32)
    Nitronic Rush (2011-11-11) version 20111111.0 (x32 Version: 20111111.0)
    Nokia Connectivity Cable Driver (x32 Version: 7.1.22.0)
    Notepad++ (x32 Version: 6.3.2)
    NVIDIA Drivers
    NVIDIA PhysX (x32 Version: 9.12.0613)
    OGPlanet Game Launcher (x32 Version: 1.0.0)
    OpenAL (x32)
    Origin (x32 Version: 8.5.0.4554)
    Paint.NET v3.5.6 (Version: 3.56.0)
    Pando Media Booster (x32 Version: 2.6.0.6)
    PC Connectivity Solution (x32 Version: 9.44.0.3)
    PCSX2 - Playstation 2 Emulator (x32)
    Pcsx2 0.9.6 (x32 Version: 1.0.0)
    Pcsx2 Cheat converter (HKCU Version: 1.0.0.10)
    piaip AppLocale (x32 Version: 1.0.0)
    PlanetSide 2 (x32)
    plist Editor Pro 2.0.0 (x32 Version: 2.0.0)
    PlugLink 9650 Utility (x32 Version: 1.1.6)
    Poker Night 2 (x32)
    Power2Go (x32 Version: 5.6.3917)
    PS3 Cheats Editor (x32)
    PunkBuster Services (x32 Version: 0.992)
    Python 2.5 (x32 Version: 2.5.150)
    QuickTime (x32 Version: 7.68.75.0)
    RadeonPro 1.0 (Build 1.1.0.6) (x32)
    RapidLinkConverter (x32 Version: 3.1.0)
    RaySource 2.1.10.8366 (x32 Version: 2.1.10.8366)
    REACTOR (x32 Version: 1.00.0000)
    Real Alternative 2.0.0 (x32 Version: 2.0.0)
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.5591)
    Recettear: An Item Shop's Tale - Demo (x32)
    Recettear: An Item Shop's Tale (x32)
    redist (x32 Version: 1.0.0.0)
    RoboForm 7-7-4 (All Users) (x32 Version: 7-7-4)
    Rockstar Games Social Club (x32 Version: 1.0.9.5)
    SD Gundam Capsule Fighter (x32 Version: 1.0.0)
    Search Protect by conduit (x32 Version: 1.4.1.12)
    Segoe UI (x32 Version: 15.4.2271.0615)
    Skype Toolbars (x32 Version: 1.0.4051)
    Skype™ 6.3 (x32 Version: 6.3.107)
    Soft Data Fax Modem with SmartCP (Version: 7.74.00)
    Sonic and All Stars Racing Transformed (c) SEGA version 1 (x32 Version: 1)
    Sony Ericsson DRM Packager 1.35 (x32 Version: 1.35)
    Source SDK Base 2007 (x32)
    Spybot - Search & Destroy (x32 Version: 1.6.2)
    StarCraft II (x32 Version: 1.3.3.18574)
    Steam (x32 Version: 1.0.0.0)
    Super Street Fighter IV: Arcade Edition (x32 Version: 1.0.0000.129)
    SUPER STREET FIGHTER IV: ARCADE EDITION (x32 Version: 1.0.0001.129)
    SWF Opener (x32 Version: 1.3)
    Team Fortress 2 (x32)
    The Sims™ 3 (x32 Version: 1.33.2)
    The Sims™ 3 Late Night (x32 Version: 6.0.81)
    The Sims™ 3 Master Suite Stuff (x32 Version: 11.0.84)
    The Witcher 2 (x32 Version: 1.00.0000)
    Tom Clancy's Ghost Recon Future Soldier (x32 Version: 1.00)
    Ubisoft Game Launcher (x32 Version: 1.0.0.0)
    Ultimate Knight ウィンダムXP (x32)
    Unity Web Player (HKCU Version: )
    Universal Document Converter (Demo) (x32 Version: 5.2)
    UnLock Root 3.1.1 (x32 Version: 3.1.1)
    UnLock Root Pro 3.41 (x32 Version: 3.41)
    UNO - Undercover (x32)
    Update for 2007 Microsoft Office System (KB967642) (x32)
    Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (x32 Version: 1)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
    Update for Microsoft Office Access 2007 Help (KB963663) (x32)
    Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition (x32)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
    Update for Microsoft Office Script Editor Help (KB963671) (x32)
    Update for Microsoft Office Word 2007 Help (KB963665) (x32)
    Uplay (x32 Version: 2.1)
    URL Snooper v2.29.01 (x32)
    Ventrilo Client for Windows x64 (Version: 3.0.5.0)
    VirtualCloneDrive (x32)
    Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
    Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
    VLC media player 1.0.5 (x32 Version: 1.0.5)
    VueScan (x32)
    Wajam (x32 Version: 1.67)
    Warcraft III (x32)
    Warcraft III: All Products (HKCU)
    Waterfox (Version: 18.0.1)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
    Windows Live Essentials (x32 Version: 15.4.3502.0922)
    Windows Live Essentials (x32 Version: 15.4.3555.0308)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
    Windows Live Installer (x32 Version: 15.4.3502.0922)
    Windows Live Language Selector (Version: 15.4.3555.0308)
    Windows Live Messenger (x32 Version: 15.4.3538.0513)
    Windows Live Photo Common (x32 Version: 15.4.3502.0922)
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
    Windows Live SOXE (x32 Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
    Windows Live UX Platform (x32 Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
    WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
    WinRAR archiver (x32)
    WinSCP 4.3.2 (x32 Version: 4.3.2)
    WMPTagSupportExtender (x32 Version: 1.4)
    Xilisoft Download YouTube Video (x32 Version: 2.0.5.0108)
    Xilisoft YouTube Video Converter (x32 Version: 2.0.5.0108)
    Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777)
    Yahoo! Messenger (x32)
    Yahoo! Toolbar (x32)
    ツゴウノイイ彼女タチ (x32 Version: 1.00.0000)
    炎の孕ませおっぱい乳同級生 (x32)

    ==================== Restore Points =========================


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {015507FC-44DD-41EF-8237-CB71B392E53B} - System32\Tasks\At19 => C:\Windows\Fonts\iiJX8v5.com
    Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {0BCF2280-6243-41E2-9E90-B35F4CCC415F} - System32\Tasks\Open URL by RoboForm => C:\Windows\System32\url.dll [2013-07-31] (Microsoft Corporation)
    Task: {11F6ECA7-EEF2-42C2-8385-BFE4FFCD63B5} - System32\Tasks\{42A71F08-9AD8-4D36-9165-B069C07881A0} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-05-08] (Skype Technologies S.A.)
    Task: {13BCD0D0-7063-4D01-8237-878135C4A7A5} - System32\Tasks\At5 => C:\Windows\Fonts\iiJX8v5.com
    Task: {14D2CBEE-C23D-4251-90AB-40328A3E4896} - System32\Tasks\At11 => C:\Windows\Fonts\iiJX8v5.com
    Task: {15BF8913-C79E-457B-8F9A-B3D10629718A} - System32\Tasks\At7 => C:\Windows\Fonts\iiJX8v5.com
    Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {1A8CF4B0-2E5A-49CE-9BEA-CEE9B65C0E78} - System32\Tasks\At3 => C:\Windows\Fonts\iiJX8v5.com
    Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
    Task: {27F720A2-756A-4CD2-B32A-1AACE7DF62BF} - System32\Tasks\At12 => C:\Windows\Fonts\iiJX8v5.com
    Task: {2F2774E1-C7B9-4778-A2CB-C1E08DA4B5A2} - System32\Tasks\At2 => C:\Windows\Fonts\iiJX8v5.com
    Task: {33758925-F1BA-484B-902D-ABB4CEC065E1} - System32\Tasks\At22 => C:\Windows\Fonts\iiJX8v5.com
    Task: {3BF8CB04-0CDD-4984-89A8-B5FC5240423E} - System32\Tasks\At4 => C:\Windows\Fonts\iiJX8v5.com
    Task: {4597A12C-E957-48D3-969B-6C8A4507DF33} - System32\Tasks\At21 => C:\Windows\Fonts\iiJX8v5.com
    Task: {4A9B26AB-FB23-4F35-9429-7F3B09151C7A} - System32\Tasks\At17 => C:\Windows\Fonts\iiJX8v5.com
    Task: {4D1952A1-76C6-4D4C-8030-19E75C8C3E84} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
    Task: {50184864-45AE-4522-B068-B485F52C2020} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2012-03-15] (Siber Systems)
    Task: {506D0DB8-EC04-4478-A0EF-E9C8BACD44C2} - System32\Tasks\At23 => C:\Windows\Fonts\iiJX8v5.com
    Task: {575F91D7-41AA-4647-BDB0-3F2F07910B06} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files (x86)\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)
    Task: {59CC5B42-9DAA-49D5-814B-0FBB83AD7C68} - System32\Tasks\At8 => C:\Windows\Fonts\iiJX8v5.com
    Task: {63369909-26CE-4ED8-AD96-78DF12356E04} - System32\Tasks\At14 => C:\Windows\Fonts\iiJX8v5.com
    Task: {6ED7BBF4-30CB-4206-B294-9631CAF1805D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27] (Google Inc.)
    Task: {742E1018-82A7-417D-BC32-F02E7D6F358F} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-20] (Microsoft Corporation)
    Task: {7858C2F3-2F77-4133-A3FD-29EDB616DE60} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
    Task: {7AC685BE-879D-4AF6-AA94-D91A0AA72679} - System32\Tasks\At16 => C:\Windows\Fonts\iiJX8v5.com
    Task: {7C0750E9-2D54-4782-BD64-8DFC676CEF69} - System32\Tasks\At13 => C:\Windows\Fonts\iiJX8v5.com
    Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {8BE67D72-FDD0-412F-A2BF-36415806C5FD} - System32\Tasks\At24 => C:\Windows\Fonts\iiJX8v5.com
    Task: {8F7A9C84-9B5F-42F6-B9BD-8D3238EFA606} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
    Task: {A5B9D345-C11D-4E0A-9BE2-077B0C74BDD8} - System32\Tasks\At15 => C:\Windows\Fonts\iiJX8v5.com
    Task: {A86F5C9D-2F48-412D-8806-DEA98B00923A} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files (x86)\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
    Task: {A9682324-32D9-45C9-908E-608EC6B80FBA} - System32\Tasks\At9 => C:\Windows\Fonts\iiJX8v5.com
    Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
    Task: {B5E331A6-83A3-41B3-A9F2-59D66A490895} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27] (Google Inc.)
    Task: {B679335F-EC8A-40AC-876A-2AA675D1E7E5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
    Task: {C946C484-5047-474F-93B5-73FF61280CDC} - System32\Tasks\At10 => C:\Windows\Fonts\iiJX8v5.com
    Task: {E0220ABC-E002-4AC1-9046-CF7A5428086A} - System32\Tasks\At1 => C:\Windows\Fonts\iiJX8v5.com
    Task: {E17FAD3F-420F-4CE9-A238-18BD8CEDDC7A} - System32\Tasks\At6 => C:\Windows\Fonts\iiJX8v5.com
    Task: {E26BAF39-A7A6-46F1-9F9F-65CEA49E10BB} - System32\Tasks\At18 => C:\Windows\Fonts\iiJX8v5.com
    Task: {E8E91512-0E90-4CB9-9F6E-27958E4B9098} - System32\Tasks\At20 => C:\Windows\Fonts\iiJX8v5.com
    Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
    Task: {EA9FD485-0820-493B-B946-27E96C9C67A4} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\SDP\RemEngine.exe [2008-03-17] ()
    Task: {EEE6C8EE-F16D-4EBB-84AC-884EF3546770} - System32\Tasks\Tkjhljntu => C:\Windows\SysWOW64\cmlual.dll [2011-07-29] ()
    Task: {F7125E69-228B-41BD-8539-4D993D764F44} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
    Task: {FA3C2F20-AE74-4E34-BD52-77FA526453AF} - System32\Tasks\9b555190 => C:\Users\Bernard\AppData\Local\Temp\\setup3927994512.exe
    Task: C:\Windows\Tasks\At1.job => ?
    Task: C:\Windows\Tasks\At10.job => ?
    Task: C:\Windows\Tasks\At11.job => ?
    Task: C:\Windows\Tasks\At12.job => ?
    Task: C:\Windows\Tasks\At13.job => ?
    Task: C:\Windows\Tasks\At14.job => ?
    Task: C:\Windows\Tasks\At15.job => ?
    Task: C:\Windows\Tasks\At16.job => ?
    Task: C:\Windows\Tasks\At17.job => ?
    Task: C:\Windows\Tasks\At18.job => ?
    Task: C:\Windows\Tasks\At19.job => ?
    Task: C:\Windows\Tasks\At2.job => ?
    Task: C:\Windows\Tasks\At20.job => ?
    Task: C:\Windows\Tasks\At21.job => ?
    Task: C:\Windows\Tasks\At22.job => ?
    Task: C:\Windows\Tasks\At23.job => ?
    Task: C:\Windows\Tasks\At24.job => ?
    Task: C:\Windows\Tasks\At3.job => ?
    Task: C:\Windows\Tasks\At4.job => ?
    Task: C:\Windows\Tasks\At5.job => ?
    Task: C:\Windows\Tasks\At6.job => ?
    Task: C:\Windows\Tasks\At7.job => ?
    Task: C:\Windows\Tasks\At8.job => ?
    Task: C:\Windows\Tasks\At9.job => ?
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
    Task: C:\Windows\Tasks\Tkjhljntu.job => ?

    ==================== Loaded Modules (whitelisted) =============

    2012-02-17 00:17 - 2012-02-17 00:17 - 00529200 _____ (广东雨林木风计算机科技有限公司) C:\Users\Bernard\AppData\Roaming\115\Box\Sync115Ext64.dll
    2011-03-16 03:01 - 2011-02-23 11:44 - 00185856 _____ (Martin Prikryl) C:\WinSCP\DragExt64.dll
    2011-08-05 23:11 - 2008-06-20 00:41 - 00062464 _____ () C:\WinRAR\rarext64.dll
    2011-08-01 18:36 - 2011-08-01 18:36 - 00939008 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) C:\AVG\AVG2012\HTMLayout.dll
    2012-02-14 04:53 - 2012-02-14 04:53 - 00366432 _____ (AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avgsysx.dll
    2012-02-14 04:52 - 2012-02-14 04:52 - 00889696 _____ (AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avgntopensslx.dll
    2012-11-08 04:50 - 2012-11-08 04:50 - 01066104 _____ (AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avgcfgx.dll
    2012-06-13 03:48 - 2012-06-13 03:48 - 00286328 _____ (AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avglogx.dll

    ==================== Alternate Data Streams (whitelisted) ==========

    AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
    AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
    AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
    AlternateDataStreams: C:\ProgramData\TEMP:720EA308
    AlternateDataStreams: C:\ProgramData\TEMP:79F042EF
    AlternateDataStreams: C:\ProgramData\TEMP:BEB15613


    ==================== Faulty Device Manager Devices =============

    Name: eHome Infrared Receiver (USBCIR)
    Description: eHome Infrared Receiver (USBCIR)
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: Microsoft
    Service: usbcir
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: A2IW4ESM IDE Controller
    Description: A2IW4ESM IDE Controller
    Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Manufacturer: (Standard mass storage controllers)
    Service: afspo1hx
    Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
    Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
    Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

    Name: Consumer IR Devices
    Description: Consumer IR Devices
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: circlass
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/11/2013 06:06:44 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

    Error: (09/11/2013 06:06:44 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

    Error: (09/11/2013 05:26:17 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

    Error: (09/11/2013 05:25:55 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/11/2013 05:25:24 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

    Error: (09/11/2013 05:25:24 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

    Error: (09/11/2013 05:25:24 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

    Error: (09/11/2013 05:25:03 PM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (09/11/2013 08:27:13 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

    Error: (09/11/2013 08:27:13 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.


    System errors:
    =============
    Error: (09/11/2013 05:26:45 PM) (Source: Service Control Manager) (User: )
    Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068

    Error: (09/11/2013 05:26:04 PM) (Source: Service Control Manager) (User: )
    Description: Network List ServiceNetwork Location Awareness%%1068

    Error: (09/11/2013 05:26:00 PM) (Source: DCOM) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
    Description: Network List ServiceNetwork Location Awareness%%1068

    Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
    Description: Network List ServiceNetwork Location Awareness%%1068

    Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
    Description: Network List ServiceNetwork Location Awareness%%1068

    Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
    Description: AFD
    Avgldx64
    Avgmfx64
    Avgtdia
    DfsC
    ElbyCDIO
    HssDRV6
    NetBIOS
    netbt
    nsiproxy
    PSched
    RasAcd
    rdbss
    Smb
    spldr
    tdx
    Wanarpv6

    Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
    Description: Network List ServiceNetwork Location Awareness%%1068

    Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
    Description: Network Location AwarenessNetwork Store Interface Service%%1068

    Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
    Description: IP HelperNetwork Store Interface Service%%1068


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2013-09-11 18:10:02.727
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-11 18:10:02.602
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-11 18:10:02.462
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-11 18:10:02.337
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-11 18:10:02.197
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-11 18:10:02.072
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-11 18:10:01.931
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-11 18:10:01.807
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-11 07:09:59.734
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-11 07:09:59.593
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 6142.39 MB
    Available physical RAM: 5229.85 MB
    Total Pagefile: 12397.79 MB
    Available Pagefile: 11713.25 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:687.32 GB) (Free:1.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.31 GB) (Free:1.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive o: (USB DISK) (Removable) (Total:57.58 GB) (Free:0.3 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 699 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=687 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 58 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=58 GB) - (Type=0C)

    ==================== End Of Log ============================
  7. Broni

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
    See if you can boot normally.

  8. squall23

    Nope, still can't boot up normally. I do have one update. Safe mode doesn't seem to load 100% now. It takes multiple tries. It also seems to be stuck at avgidsha.sys.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2013 02
    Ran by Bernard at 2013-09-11 19:30:06 Run:1
    Running from C:\Users\Bernard\Desktop
    Boot Mode: Safe Mode (minimal)
    ==============================================

    Content of fixlist:
    *****************
    HKCU\...\Run: [PlayNC Launcher] - [x]
    HKCU\...\Run: [SearchProtect] - C:\Users\Bernard\AppData\Roaming\SearchProtect\bin\cltmng.exe [2731296 2013-03-06] (Conduit)
    C:\Users\Bernard\AppData\Roaming\SearchProtect
    MountPoints2: {442fb762-9425-11de-aae1-001fc65f3688} - K:\Autorun.exe
    MountPoints2: {5447d0ef-c663-11de-9e46-001fc65f3688} - F:\Seagate\Installer\InstallSeagateManager.exe
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2731296 2013-03-06] (Conduit)
    C:\Program Files (x86)\SearchProtect
    ShortcutTarget: ViiKiiDesktopPlugin.lnk -> C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe (No File)
    URLSearchHook: (No Name) - {f999a48b-1950-4d81-9971-79018f807b4b} - No File
    SearchScopes: HKCU - {6E156CB0-82F2-47D1-A6D2-471A6EF0DB3B} URL = http://search.conduit.com/ResultsEx...4&ctid=CT2737658&CUI=UN14051505662315168&UM=2
    BHO: No Name - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No File
    BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
    BHO-x32: No Name - {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
    BHO-x32: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Megaupload\Mega Manager\MegaIEMn.dll No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} - No File
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Hosts:
    S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
    C:\Users\Bernard\AppData\Local\89531bfe
    C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}
    C:\ProgramData\0tbpw.pad
    C:\ProgramData\hash.dat
    C:\Users\Bernard\AppData\Local\Temp\12-6-legacy_vista_win7_64_dd_ccc.exe
    C:\Users\Bernard\AppData\Local\Temp\539E36B.exe
    C:\Users\Bernard\AppData\Local\Temp\715D609.exe
    C:\Users\Bernard\AppData\Local\Temp\7za.exe
    C:\Users\Bernard\AppData\Local\Temp\AdbWinApi.dll
    C:\Users\Bernard\AppData\Local\Temp\AdbWinUsbApi.dll
    C:\Users\Bernard\AppData\Local\Temp\AskInstallChecker-1.4.0.0.exe
    C:\Users\Bernard\AppData\Local\Temp\AskPIP_FF_.exe
    C:\Users\Bernard\AppData\Local\Temp\askToolbarInstaller.exe
    C:\Users\Bernard\AppData\Local\Temp\bdfilters.dll
    C:\Users\Bernard\AppData\Local\Temp\Bit1D1D.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit2059.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit20B4.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit2ECA.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit377E.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit4BB6.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit5690.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit5D5B.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit6322.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\Bit8E64.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\BitA2B1.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\BitB328.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\BitC938.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\BitCDA7.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\BitD38.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\BitD70A.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\CH.dll
    C:\Users\Bernard\AppData\Local\Temp\conduitinstaller.exe
    C:\Users\Bernard\AppData\Local\Temp\Copy.dll
    C:\Users\Bernard\AppData\Local\Temp\Coupon-Caddy-ppi-MULTI.exe
    C:\Users\Bernard\AppData\Local\Temp\DLBT.dll
    C:\Users\Bernard\AppData\Local\Temp\dl_peer_id.dll
    C:\Users\Bernard\AppData\Local\Temp\Dragons Dogma - Editor.exe
    C:\Users\Bernard\AppData\Local\Temp\Execute2App.exe
    C:\Users\Bernard\AppData\Local\Temp\Fault_inst.exe
    C:\Users\Bernard\AppData\Local\Temp\FJ_Downloader.exe
    C:\Users\Bernard\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
    C:\Users\Bernard\AppData\Local\Temp\GomEncDnInstaller.exe
    C:\Users\Bernard\AppData\Local\Temp\gtapi.dll
    C:\Users\Bernard\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
    C:\Users\Bernard\AppData\Local\Temp\HiRezLauncherControls.dll
    C:\Users\Bernard\AppData\Local\Temp\HOMEFRONT(1).exe
    C:\Users\Bernard\AppData\Local\Temp\Hotspot_Shield.exe
    C:\Users\Bernard\AppData\Local\Temp\inst.exe
    C:\Users\Bernard\AppData\Local\Temp\installerdll34682579.dll
    C:\Users\Bernard\AppData\Local\Temp\installerdll34684903.dll
    C:\Users\Bernard\AppData\Local\Temp\installerdll34691861.dll
    C:\Users\Bernard\AppData\Local\Temp\installerdll6410205.dll
    C:\Users\Bernard\AppData\Local\Temp\installerdll6423091.dll
    C:\Users\Bernard\AppData\Local\Temp\InstallFlashPlayer.exe
    C:\Users\Bernard\AppData\Local\Temp\InstStub.exe
    C:\Users\Bernard\AppData\Local\Temp\jshortcut-1610750577578842815.dll
    C:\Users\Bernard\AppData\Local\Temp\Kies2RemoveAll.exe
    C:\Users\Bernard\AppData\Local\Temp\KWI62F0.exe
    C:\Users\Bernard\AppData\Local\Temp\Lng.Dll
    C:\Users\Bernard\AppData\Local\Temp\msvcp90.dll
    C:\Users\Bernard\AppData\Local\Temp\msvcr90.dll
    C:\Users\Bernard\AppData\Local\Temp\MyBabylonTB.exe
    C:\Users\Bernard\AppData\Local\Temp\NEventMessages.dll
    C:\Users\Bernard\AppData\Local\Temp\NGMDll.dll
    C:\Users\Bernard\AppData\Local\Temp\NGMResource.dll
    C:\Users\Bernard\AppData\Local\Temp\NGMSetup.exe
    C:\Users\Bernard\AppData\Local\Temp\nsisdt.dll
    C:\Users\Bernard\AppData\Local\Temp\nsk364D.exe
    C:\Users\Bernard\AppData\Local\Temp\nsp1278.exe
    C:\Users\Bernard\AppData\Local\Temp\nsu2E4B.exe
    C:\Users\Bernard\AppData\Local\Temp\nsuB777.exe
    C:\Users\Bernard\AppData\Local\Temp\Ochibo_DLSetup.exe
    C:\Users\Bernard\AppData\Local\Temp\OneClickRoot_Installer.exe
    C:\Users\Bernard\AppData\Local\Temp\OptimizerPro.exe
    C:\Users\Bernard\AppData\Local\Temp\OriginLauncher34682579.exe
    C:\Users\Bernard\AppData\Local\Temp\ose00000.exe
    C:\Users\Bernard\AppData\Local\Temp\OWE1FEE.exe
    C:\Users\Bernard\AppData\Local\Temp\proxy_vole3838149727586769226.dll
    C:\Users\Bernard\AppData\Local\Temp\PurpleBean.exe
    C:\Users\Bernard\AppData\Local\Temp\QuickShare1.exe
    C:\Users\Bernard\AppData\Local\Temp\rootsupd.exe
    C:\Users\Bernard\AppData\Local\Temp\setup.exe
    C:\Users\Bernard\AppData\Local\Temp\SicheatsTrainer.dll
    C:\Users\Bernard\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Bernard\AppData\Local\Temp\sonarinst.exe
    C:\Users\Bernard\AppData\Local\Temp\SPStub.exe
    C:\Users\Bernard\AppData\Local\Temp\swt-win32-3349.dll
    C:\Users\Bernard\AppData\Local\Temp\tmp24BA.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp3889.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp4690.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp53E9.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp6A09.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp6B7F.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp6EE8.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp848B.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp8508.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp979F.exe
    C:\Users\Bernard\AppData\Local\Temp\tmp9D88.exe
    C:\Users\Bernard\AppData\Local\Temp\tmpF826.exe
    C:\Users\Bernard\AppData\Local\Temp\tmpFF10.exe
    C:\Users\Bernard\AppData\Local\Temp\ubiBAE0.tmp.exe
    C:\Users\Bernard\AppData\Local\Temp\unicows.dll
    C:\Users\Bernard\AppData\Local\Temp\Uninstall.exe
    C:\Users\Bernard\AppData\Local\Temp\unlockrootsetup.exe
    C:\Users\Bernard\AppData\Local\Temp\vcredist_x64.exe
    C:\Users\Bernard\AppData\Local\Temp\wajam_install.exe
    C:\Users\Bernard\AppData\Local\Temp\war3_Install.exe
    C:\Users\Bernard\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
    C:\Users\Bernard\AppData\Local\Temp\wlsetup-cvr.exe
    C:\Users\Bernard\AppData\Local\Temp\WMQ37D1.exe
    C:\Users\Bernard\AppData\Local\Temp\woavfvtd.dll
    C:\Users\Bernard\AppData\Local\Temp\xmlUpdater.exe
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At10.job
    C:\Windows\Tasks\At11.job
    C:\Windows\Tasks\At12.job
    C:\Windows\Tasks\At13.job
    C:\Windows\Tasks\At14.job
    C:\Windows\Tasks\At15.job
    C:\Windows\Tasks\At16.job
    C:\Windows\Tasks\At17.job
    C:\Windows\Tasks\At18.job
    C:\Windows\Tasks\At19.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At20.job
    C:\Windows\Tasks\At21.job
    C:\Windows\Tasks\At22.job
    C:\Windows\Tasks\At23.job
    C:\Windows\Tasks\At24.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job
    C:\Windows\Tasks\At5.job
    C:\Windows\Tasks\At6.job
    C:\Windows\Tasks\At7.job
    C:\Windows\Tasks\At8.job
    C:\Windows\Tasks\At9.job
    Task: {015507FC-44DD-41EF-8237-CB71B392E53B} - System32\Tasks\At19 => C:\Windows\Fonts\iiJX8v5.com
    Task: {13BCD0D0-7063-4D01-8237-878135C4A7A5} - System32\Tasks\At5 => C:\Windows\Fonts\iiJX8v5.com
    Task: {14D2CBEE-C23D-4251-90AB-40328A3E4896} - System32\Tasks\At11 => C:\Windows\Fonts\iiJX8v5.com
    Task: {15BF8913-C79E-457B-8F9A-B3D10629718A} - System32\Tasks\At7 => C:\Windows\Fonts\iiJX8v5.com
    Task: {1A8CF4B0-2E5A-49CE-9BEA-CEE9B65C0E78} - System32\Tasks\At3 => C:\Windows\Fonts\iiJX8v5.com
    Task: {27F720A2-756A-4CD2-B32A-1AACE7DF62BF} - System32\Tasks\At12 => C:\Windows\Fonts\iiJX8v5.com
    Task: {2F2774E1-C7B9-4778-A2CB-C1E08DA4B5A2} - System32\Tasks\At2 => C:\Windows\Fonts\iiJX8v5.com
    Task: {33758925-F1BA-484B-902D-ABB4CEC065E1} - System32\Tasks\At22 => C:\Windows\Fonts\iiJX8v5.com
    Task: {3BF8CB04-0CDD-4984-89A8-B5FC5240423E} - System32\Tasks\At4 => C:\Windows\Fonts\iiJX8v5.com
    Task: {4597A12C-E957-48D3-969B-6C8A4507DF33} - System32\Tasks\At21 => C:\Windows\Fonts\iiJX8v5.com
    Task: {4A9B26AB-FB23-4F35-9429-7F3B09151C7A} - System32\Tasks\At17 => C:\Windows\Fonts\iiJX8v5.com
    Task: {506D0DB8-EC04-4478-A0EF-E9C8BACD44C2} - System32\Tasks\At23 => C:\Windows\Fonts\iiJX8v5.com
    Task: {59CC5B42-9DAA-49D5-814B-0FBB83AD7C68} - System32\Tasks\At8 => C:\Windows\Fonts\iiJX8v5.com
    Task: {63369909-26CE-4ED8-AD96-78DF12356E04} - System32\Tasks\At14 => C:\Windows\Fonts\iiJX8v5.com
    Task: {7AC685BE-879D-4AF6-AA94-D91A0AA72679} - System32\Tasks\At16 => C:\Windows\Fonts\iiJX8v5.com
    Task: {7C0750E9-2D54-4782-BD64-8DFC676CEF69} - System32\Tasks\At13 => C:\Windows\Fonts\iiJX8v5.com
    Task: {8BE67D72-FDD0-412F-A2BF-36415806C5FD} - System32\Tasks\At24 => C:\Windows\Fonts\iiJX8v5.com
    Task: {A5B9D345-C11D-4E0A-9BE2-077B0C74BDD8} - System32\Tasks\At15 => C:\Windows\Fonts\iiJX8v5.com
    Task: {A9682324-32D9-45C9-908E-608EC6B80FBA} - System32\Tasks\At9 => C:\Windows\Fonts\iiJX8v5.com
    Task: {C946C484-5047-474F-93B5-73FF61280CDC} - System32\Tasks\At10 => C:\Windows\Fonts\iiJX8v5.com
    Task: {E0220ABC-E002-4AC1-9046-CF7A5428086A} - System32\Tasks\At1 => C:\Windows\Fonts\iiJX8v5.com
    Task: {E17FAD3F-420F-4CE9-A238-18BD8CEDDC7A} - System32\Tasks\At6 => C:\Windows\Fonts\iiJX8v5.com
    Task: {E26BAF39-A7A6-46F1-9F9F-65CEA49E10BB} - System32\Tasks\At18 => C:\Windows\Fonts\iiJX8v5.com
    Task: {E8E91512-0E90-4CB9-9F6E-27958E4B9098} - System32\Tasks\At20 => C:\Windows\Fonts\iiJX8v5.com
    Task: {EEE6C8EE-F16D-4EBB-84AC-884EF3546770} - System32\Tasks\Tkjhljntu => C:\Windows\SysWOW64\cmlual.dll [2011-07-29] ()
    Task: C:\Windows\Tasks\Tkjhljntu.job => ?
    AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
    AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
    AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
    AlternateDataStreams: C:\ProgramData\TEMP:720EA308
    AlternateDataStreams: C:\ProgramData\TEMP:79F042EF
    AlternateDataStreams: C:\ProgramData\TEMP:BEB15613

    *****************

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
    C:\Users\Bernard\AppData\Roaming\SearchProtect => Moved successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{442fb762-9425-11de-aae1-001fc65f3688} => Key deleted successfully.
    HKCR\CLSID\{442fb762-9425-11de-aae1-001fc65f3688} => Key not found.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5447d0ef-c663-11de-9e46-001fc65f3688} => Key deleted successfully.
    HKCR\CLSID\{5447d0ef-c663-11de-9e46-001fc65f3688} => Key not found.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll => Value deleted successfully.
    C:\Program Files (x86)\SearchProtect => Moved successfully.
    C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe not found.
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{f999a48b-1950-4d81-9971-79018f807b4b} => Value deleted successfully.
    HKCR\CLSID\{f999a48b-1950-4d81-9971-79018f807b4b} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E156CB0-82F2-47D1-A6D2-471A6EF0DB3B} => Key deleted successfully.
    HKCR\CLSID\{6E156CB0-82F2-47D1-A6D2-471A6EF0DB3B} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} => Key deleted successfully.
    HKCR\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key deleted successfully.
    HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{bf00e119-21a3-4fd1-b178-3b8537e75c92} => Key deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F999A48B-1950-4D81-9971-79018F807B4B} => Value deleted successfully.
    HKCR\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B} => Key not found.
    HKCR\Wow6432Node\PROTOCOLS\Handler\livecall => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key deleted successfully.
    HKCR\Wow6432Node\PROTOCOLS\Handler\msnim => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
    Hosts was reset successfully.
    CltMngSvc => Service deleted successfully.
    C:\Users\Bernard\AppData\Local\89531bfe => Moved successfully.
    C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e} => Moved successfully.
    C:\ProgramData\0tbpw.pad => Moved successfully.
    C:\ProgramData\hash.dat => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\12-6-legacy_vista_win7_64_dd_ccc.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\539E36B.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\715D609.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\7za.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\AdbWinApi.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\AdbWinUsbApi.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\AskInstallChecker-1.4.0.0.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\AskPIP_FF_.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\askToolbarInstaller.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\bdfilters.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Bit1D1D.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Bit2059.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Bit20B4.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Bit2ECA.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Bit377E.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Bit4BB6.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Bit5690.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Bit5D5B.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Bit6322.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Bit8E64.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\BitA2B1.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\BitB328.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\BitC938.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\BitCDA7.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\BitD38.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\BitD70A.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\CH.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\conduitinstaller.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Copy.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Coupon-Caddy-ppi-MULTI.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\DLBT.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\dl_peer_id.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Dragons Dogma - Editor.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Execute2App.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Fault_inst.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\FJ_Downloader.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\GomEncDnInstaller.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\gtapi.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\HiRezLauncherControls.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\HOMEFRONT(1).exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Hotspot_Shield.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\inst.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\installerdll34682579.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\installerdll34684903.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\installerdll34691861.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\installerdll6410205.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\installerdll6423091.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\InstStub.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\jshortcut-1610750577578842815.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Kies2RemoveAll.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\KWI62F0.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Lng.Dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\msvcp90.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\msvcr90.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\MyBabylonTB.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\NEventMessages.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\NGMDll.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\NGMResource.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\NGMSetup.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\nsisdt.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\nsk364D.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\nsp1278.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\nsu2E4B.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\nsuB777.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Ochibo_DLSetup.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\OneClickRoot_Installer.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\OptimizerPro.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\OriginLauncher34682579.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\ose00000.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\OWE1FEE.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\proxy_vole3838149727586769226.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\PurpleBean.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\QuickShare1.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\rootsupd.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\setup.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\SicheatsTrainer.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\sonarinst.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\SPStub.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\tmp24BA.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\tmp3889.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\tmp4690.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\tmp53E9.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\tmp6A09.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\tmp6B7F.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\tmp6EE8.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\tmp848B.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\tmp8508.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\tmp979F.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\tmp9D88.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\tmpF826.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\tmpFF10.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\ubiBAE0.tmp.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\unicows.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\Uninstall.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\unlockrootsetup.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\wajam_install.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\war3_Install.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\wlsetup-cvr.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\WMQ37D1.exe => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\woavfvtd.dll => Moved successfully.
    C:\Users\Bernard\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
    C:\Windows\Tasks\At1.job => Moved successfully.
    C:\Windows\Tasks\At10.job => Moved successfully.
    C:\Windows\Tasks\At11.job => Moved successfully.
    C:\Windows\Tasks\At12.job => Moved successfully.
    C:\Windows\Tasks\At13.job => Moved successfully.
    C:\Windows\Tasks\At14.job => Moved successfully.
    C:\Windows\Tasks\At15.job => Moved successfully.
    C:\Windows\Tasks\At16.job => Moved successfully.
    C:\Windows\Tasks\At17.job => Moved successfully.
    C:\Windows\Tasks\At18.job => Moved successfully.
    C:\Windows\Tasks\At19.job => Moved successfully.
    C:\Windows\Tasks\At2.job => Moved successfully.
    C:\Windows\Tasks\At20.job => Moved successfully.
    C:\Windows\Tasks\At21.job => Moved successfully.
    C:\Windows\Tasks\At22.job => Moved successfully.
    C:\Windows\Tasks\At23.job => Moved successfully.
    C:\Windows\Tasks\At24.job => Moved successfully.
    C:\Windows\Tasks\At3.job => Moved successfully.
    C:\Windows\Tasks\At4.job => Moved successfully.
    C:\Windows\Tasks\At5.job => Moved successfully.
    C:\Windows\Tasks\At6.job => Moved successfully.
    C:\Windows\Tasks\At7.job => Moved successfully.
    C:\Windows\Tasks\At8.job => Moved successfully.
    C:\Windows\Tasks\At9.job => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{015507FC-44DD-41EF-8237-CB71B392E53B} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{015507FC-44DD-41EF-8237-CB71B392E53B} => Key deleted successfully.
    C:\Windows\System32\Tasks\At19 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At19 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13BCD0D0-7063-4D01-8237-878135C4A7A5} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13BCD0D0-7063-4D01-8237-878135C4A7A5} => Key deleted successfully.
    C:\Windows\System32\Tasks\At5 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At5 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14D2CBEE-C23D-4251-90AB-40328A3E4896} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14D2CBEE-C23D-4251-90AB-40328A3E4896} => Key deleted successfully.
    C:\Windows\System32\Tasks\At11 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At11 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15BF8913-C79E-457B-8F9A-B3D10629718A} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15BF8913-C79E-457B-8F9A-B3D10629718A} => Key deleted successfully.
    C:\Windows\System32\Tasks\At7 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At7 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A8CF4B0-2E5A-49CE-9BEA-CEE9B65C0E78} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A8CF4B0-2E5A-49CE-9BEA-CEE9B65C0E78} => Key deleted successfully.
    C:\Windows\System32\Tasks\At3 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27F720A2-756A-4CD2-B32A-1AACE7DF62BF} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27F720A2-756A-4CD2-B32A-1AACE7DF62BF} => Key deleted successfully.
    C:\Windows\System32\Tasks\At12 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At12 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F2774E1-C7B9-4778-A2CB-C1E08DA4B5A2} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F2774E1-C7B9-4778-A2CB-C1E08DA4B5A2} => Key deleted successfully.
    C:\Windows\System32\Tasks\At2 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33758925-F1BA-484B-902D-ABB4CEC065E1} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33758925-F1BA-484B-902D-ABB4CEC065E1} => Key deleted successfully.
    C:\Windows\System32\Tasks\At22 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At22 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BF8CB04-0CDD-4984-89A8-B5FC5240423E} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BF8CB04-0CDD-4984-89A8-B5FC5240423E} => Key deleted successfully.
    C:\Windows\System32\Tasks\At4 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4597A12C-E957-48D3-969B-6C8A4507DF33} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4597A12C-E957-48D3-969B-6C8A4507DF33} => Key deleted successfully.
    C:\Windows\System32\Tasks\At21 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At21 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A9B26AB-FB23-4F35-9429-7F3B09151C7A} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A9B26AB-FB23-4F35-9429-7F3B09151C7A} => Key deleted successfully.
    C:\Windows\System32\Tasks\At17 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At17 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{506D0DB8-EC04-4478-A0EF-E9C8BACD44C2} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{506D0DB8-EC04-4478-A0EF-E9C8BACD44C2} => Key deleted successfully.
    C:\Windows\System32\Tasks\At23 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At23 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59CC5B42-9DAA-49D5-814B-0FBB83AD7C68} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59CC5B42-9DAA-49D5-814B-0FBB83AD7C68} => Key deleted successfully.
    C:\Windows\System32\Tasks\At8 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At8 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63369909-26CE-4ED8-AD96-78DF12356E04} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63369909-26CE-4ED8-AD96-78DF12356E04} => Key deleted successfully.
    C:\Windows\System32\Tasks\At14 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At14 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AC685BE-879D-4AF6-AA94-D91A0AA72679} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AC685BE-879D-4AF6-AA94-D91A0AA72679} => Key deleted successfully.
    C:\Windows\System32\Tasks\At16 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At16 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C0750E9-2D54-4782-BD64-8DFC676CEF69} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C0750E9-2D54-4782-BD64-8DFC676CEF69} => Key deleted successfully.
    C:\Windows\System32\Tasks\At13 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At13 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BE67D72-FDD0-412F-A2BF-36415806C5FD} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BE67D72-FDD0-412F-A2BF-36415806C5FD} => Key deleted successfully.
    C:\Windows\System32\Tasks\At24 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At24 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5B9D345-C11D-4E0A-9BE2-077B0C74BDD8} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5B9D345-C11D-4E0A-9BE2-077B0C74BDD8} => Key deleted successfully.
    C:\Windows\System32\Tasks\At15 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At15 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9682324-32D9-45C9-908E-608EC6B80FBA} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9682324-32D9-45C9-908E-608EC6B80FBA} => Key deleted successfully.
    C:\Windows\System32\Tasks\At9 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At9 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C946C484-5047-474F-93B5-73FF61280CDC} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C946C484-5047-474F-93B5-73FF61280CDC} => Key deleted successfully.
    C:\Windows\System32\Tasks\At10 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At10 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0220ABC-E002-4AC1-9046-CF7A5428086A} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0220ABC-E002-4AC1-9046-CF7A5428086A} => Key deleted successfully.
    C:\Windows\System32\Tasks\At1 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E17FAD3F-420F-4CE9-A238-18BD8CEDDC7A} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E17FAD3F-420F-4CE9-A238-18BD8CEDDC7A} => Key deleted successfully.
    C:\Windows\System32\Tasks\At6 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At6 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E26BAF39-A7A6-46F1-9F9F-65CEA49E10BB} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E26BAF39-A7A6-46F1-9F9F-65CEA49E10BB} => Key deleted successfully.
    C:\Windows\System32\Tasks\At18 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At18 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8E91512-0E90-4CB9-9F6E-27958E4B9098} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8E91512-0E90-4CB9-9F6E-27958E4B9098} => Key deleted successfully.
    C:\Windows\System32\Tasks\At20 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At20 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EEE6C8EE-F16D-4EBB-84AC-884EF3546770} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEE6C8EE-F16D-4EBB-84AC-884EF3546770} => Key deleted successfully.
    C:\Windows\System32\Tasks\Tkjhljntu => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tkjhljntu => Key deleted successfully.
    C:\Windows\Tasks\Tkjhljntu.job => Moved successfully.
    C:\ProgramData => ":$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM" ADS removed successfully.
    "C:\Users\All Users" => ":$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM" ADS not found.
    "C:\ProgramData\Application Data" => ":$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM" ADS not found.
    C:\ProgramData\TEMP => ":720EA308" ADS removed successfully.
    C:\ProgramData\TEMP => ":79F042EF" ADS removed successfully.
    C:\ProgramData\TEMP => ":BEB15613" ADS removed successfully.

    ==== End of Fixlog ====
  9. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  10. squall23

    squall23 Newcomer, in training Topic Starter Posts: 43

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
    Ran by SYSTEM on MINWINPC on 11-09-2013 21:54:37
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)
    HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    HKLM\...\Run: [IAAnotif] - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
    HKLM\...\Run: [AlienFX Controller] - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [57672 2009-05-20] (Alienware Corporation)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-04-22] (Logitech, Inc.)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [AVG_TRAY] - C:\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - C:\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
    HKU\Bernard\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Bernard\...\Run: [igndlm.exe] - C:\Download Manager\dlm.exe [1103216 2009-05-14] (IGN Entertainment)
    HKU\Bernard\...\Run: [KiesHelper] - C:\Samsung\Kies\KiesHelper.exe /s
    HKU\Bernard\...\Run: [Akamai NetSession Interface] - C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
    HKU\Bernard\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [108136 2012-03-15] (Siber Systems)
    HKU\Bernard\...\Run: [DAEMON Tools Lite] - "C:\DAEMON Tools Lite\DTLite.exe" -autorun
    HKU\Bernard\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\Bernard\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972128 2008-04-14] (Hewlett-Packard)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972128 2008-04-14] (Hewlett-Packard)
    Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk
    ShortcutTarget: Kuma_Tray.lnk -> C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe ()
    Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
    ShortcutTarget: ViiKiiDesktopPlugin.lnk -> C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe (No File)
    BootExecute: autocheck autochk * C:\AVG\AVG2012\avgrsa.exe /sync /restart

    ==================== Services (Whitelisted) =================

    S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
    S2 AVGIDSAgent; C:\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    S3 BITCOMET_HELPER_SERVICE; C:\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
    S2 HPBtnSrv; c:\hp\HPEZBTN\HPBtnSrv.exe [198240 2007-05-29] ()
    S2 hshld; C:\Hotspot Shield\bin\openvpnas.exe [474992 2012-07-24] ()
    S2 HssSrv; C:\Hotspot Shield\HssWPR\hsssrv.exe [404848 2012-07-24] (AnchorFree Inc.)
    S3 HssTrayService; C:\Hotspot Shield\bin\HssTrayService.EXE [78072 2012-07-24] ()
    S2 HssWd; C:\Hotspot Shield\bin\hsswd.exe [387440 2012-07-24] ()
    S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3549696 2010-05-25] (INCA Internet Co., Ltd.)
    S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-03] ()
    S2 RadeonPro Support Service; C:\RadeonPro\RadeonProSupport.exe [12800 2011-02-10] (Mr. John aka japamd)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
    S2 SBSDWSCService; C:\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-07-26] (Wajam)

    ==================== Drivers (Whitelisted) ====================

    S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-10-02] ()
    S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
    S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
    S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
    S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-02-23] (DT Soft Ltd)
    S2 HOSTNT; C:\Windows\system32\drivers\hostnt.sys [13864 2012-05-13] (SafeNet, Inc.)
    S2 HOSTNT; C:\Windows\system32\drivers\hostnt.sys [13864 2012-05-13] (SafeNet, Inc.)
    S3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1487872 2008-05-08] (Conexant Systems, Inc.)
    S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-07-24] (AnchorFree Inc.)
    S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-10-01] ()
    S3 ncvet.dll; C:\Windows\Temp\ncvet.dll [24144 2011-09-14] (Beijing Joychina Network Technologies Co., Ltd.)
    S3 ncvet.dll; C:\Windows\Temp\ncvet.dll [24144 2011-09-14] (Beijing Joychina Network Technologies Co., Ltd.)
    S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2009-10-06] (Nokia)
    S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18944 2009-10-06] (Nokia)
    S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
    S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
    S3 PLCNDIS5; C:\Windows\SysWow64\PLCNDIS5.SYS [17280 2004-04-26] (Intellon, Inc.)
    S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
    S0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-08-28] (Duplex Secure Ltd.)
    S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2009-10-06] (Nokia)
    S3 X6va006; C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [17192 2012-03-17] ()
    S3 X6va006; C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [17192 2012-03-17] ()
    S2 YLMFVDISK; C:\Windows\System32\drivers\VirtDisk64.sys [23896 2011-12-08] ()
    S5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
    S3 dump_wmimmc; \??\C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 PLCMPR5; \??\C:\Windows\system32\PLCMPR5.SYS [x]
    S3 PLCNDIS5; \??\C:\Windows\system32\PLCNDIS5.SYS [x]
    S3 X6va002; \??\C:\Users\Bernard\AppData\Local\Temp\002E129.tmp [x]
    S3 X6va005; \??\C:\Users\Bernard\AppData\Local\Temp\005B0D0.tmp [x]
    S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-09-11 17:29 - 2013-09-11 17:31 - 01949642 _____ (Farbar) C:\Users\Bernard\Desktop\FRST64.exe
    2013-09-11 16:08 - 2013-09-11 18:06 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Bernard\Desktop\avg_remover_stf_x64_2012_2125.exe
    2013-09-11 16:08 - 2013-09-11 16:08 - 00000758 _____ C:\Users\Bernard\Desktop\avgremover.log
    2013-09-11 16:08 - 2013-09-11 16:08 - 00000000 ____D C:\FRST
    2013-09-11 16:02 - 2013-09-11 16:03 - 00000000 ___SD C:\ComboFix
    2013-09-11 15:57 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
    2013-09-11 15:57 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
    2013-09-11 15:57 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2013-09-11 15:57 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2013-09-11 15:57 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2013-09-11 15:57 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
    2013-09-11 15:57 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
    2013-09-11 15:57 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
    2013-09-11 15:49 - 2013-09-11 15:57 - 00000000 ____D C:\Qoobox
    2013-09-11 15:48 - 2013-09-11 15:48 - 00000000 ____D C:\Windows\erdnt
    2013-09-11 15:42 - 2013-09-11 17:28 - 05124599 ____R (Swearware) C:\Users\Bernard\Desktop\ComboFix.exe
    2013-09-11 05:05 - 2013-09-11 05:05 - 00024352 _____ C:\Users\Bernard\Desktop\dds.txt
    2013-09-11 05:00 - 2013-09-11 15:48 - 00000000 ____D C:\anti virus
    2013-09-11 04:10 - 2013-09-11 04:10 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Malwarebytes
    2013-09-11 04:09 - 2013-09-11 04:09 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-09-11 04:09 - 2013-09-11 04:09 - 00000000 ____D C:\Malwarebytes' Anti-Malware
    2013-09-11 04:09 - 2013-04-04 12:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-09-11 03:33 - 2013-09-11 03:33 - 00000000 ____D C:\Users\Bernard\Documents\HTST - Copy
    2013-09-11 01:04 - 2013-07-31 06:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-09-11 01:04 - 2013-07-31 05:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-09-11 01:04 - 2013-07-31 05:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-09-11 01:04 - 2013-07-31 05:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-09-11 01:04 - 2013-07-31 05:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-09-11 01:04 - 2013-07-31 05:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-09-11 01:04 - 2013-07-31 05:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-09-11 01:04 - 2013-07-31 05:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-09-11 01:04 - 2013-07-31 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-09-11 01:04 - 2013-07-31 05:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-09-11 01:04 - 2013-07-31 05:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-09-11 01:04 - 2013-07-31 05:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-09-11 01:04 - 2013-07-31 05:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-09-11 01:04 - 2013-07-31 05:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-09-11 01:04 - 2013-07-31 05:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-09-11 01:04 - 2013-07-31 05:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-09-11 01:04 - 2013-07-31 02:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-09-11 01:04 - 2013-07-31 02:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-09-11 01:04 - 2013-07-31 02:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-09-11 01:04 - 2013-07-31 01:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-09-11 01:04 - 2013-07-31 01:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-09-11 01:04 - 2013-07-31 01:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-09-11 01:04 - 2013-07-31 01:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-09-11 01:04 - 2013-07-31 01:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-09-11 01:04 - 2013-07-31 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-09-11 01:04 - 2013-07-31 01:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-09-11 01:04 - 2013-07-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-09-11 01:04 - 2013-07-31 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-09-11 01:04 - 2013-07-31 01:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-09-11 01:04 - 2013-07-31 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-09-11 01:04 - 2013-07-31 01:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-09-11 01:04 - 2013-07-31 01:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-09-10 19:55 - 2013-08-07 18:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-09-10 19:55 - 2013-07-16 01:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\System32\themeui.dll
    2013-09-10 19:55 - 2013-07-15 20:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
    2013-09-08 21:56 - 2013-09-08 21:56 - 00000000 ____D C:\Users\Bernard\Documents\Larian Studios
    2013-09-08 21:48 - 2013-09-08 21:48 - 00372488 _____ C:\Users\Bernard\AppData\Local\dd_vcredistMSI3AEB.txt
    2013-09-08 21:48 - 2013-09-08 21:48 - 00011462 _____ C:\Users\Bernard\AppData\Local\dd_vcredistUI3AEB.txt
    2013-09-08 21:29 - 2013-09-09 15:10 - 00000000 ____D C:\Divinity Dragon Commander
    2013-08-27 17:29 - 2013-08-02 06:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
    2013-08-27 17:29 - 2013-08-01 20:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2013-08-13 21:30 - 2013-07-17 12:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-08-13 21:30 - 2013-07-17 11:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-08-13 21:30 - 2013-07-10 01:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2013-08-13 21:30 - 2013-07-10 01:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
    2013-08-13 21:30 - 2013-07-09 04:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-08-13 21:30 - 2013-07-09 04:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-08-13 21:30 - 2013-07-07 20:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-08-13 21:30 - 2013-07-07 20:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2013-08-13 21:30 - 2013-07-07 20:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-08-13 21:30 - 2013-07-07 20:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-08-13 21:30 - 2013-07-07 20:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-08-13 21:30 - 2013-07-07 20:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-08-13 21:30 - 2013-07-07 20:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-08-13 21:30 - 2013-07-07 20:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-08-13 21:30 - 2013-07-07 20:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-08-13 21:30 - 2013-07-07 20:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2013-08-13 21:30 - 2013-07-07 20:12 - 01276416 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-08-13 21:30 - 2013-07-07 20:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-08-13 21:30 - 2013-07-07 20:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-08-13 21:30 - 2013-07-07 17:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-08-13 21:30 - 2013-07-07 17:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-08-13 21:30 - 2013-07-07 17:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-08-13 21:30 - 2013-07-04 20:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-08-13 21:30 - 2013-06-15 05:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll
    2013-08-13 21:30 - 2013-06-15 03:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

    ==================== One Month Modified Files and Folders =======

    2013-09-11 18:06 - 2013-09-11 16:08 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Bernard\Desktop\avg_remover_stf_x64_2012_2125.exe
    2013-09-11 17:31 - 2013-09-11 17:29 - 01949642 _____ (Farbar) C:\Users\Bernard\Desktop\FRST64.exe
    2013-09-11 17:28 - 2013-09-11 15:42 - 05124599 ____R (Swearware) C:\Users\Bernard\Desktop\ComboFix.exe
    2013-09-11 16:08 - 2013-09-11 16:08 - 00000758 _____ C:\Users\Bernard\Desktop\avgremover.log
    2013-09-11 16:08 - 2013-09-11 16:08 - 00000000 ____D C:\FRST
    2013-09-11 16:03 - 2013-09-11 16:02 - 00000000 ___SD C:\ComboFix
    2013-09-11 15:57 - 2013-09-11 15:49 - 00000000 ____D C:\Qoobox
    2013-09-11 15:48 - 2013-09-11 15:48 - 00000000 ____D C:\Windows\erdnt
    2013-09-11 15:48 - 2013-09-11 05:00 - 00000000 ____D C:\anti virus
    2013-09-11 06:06 - 2009-08-10 19:25 - 00000732 _____ C:\Users\Bernard\AppData\Local\d3d9caps64.dat
    2013-09-11 05:23 - 2010-11-13 13:33 - 00002032 _____ C:\Users\Bernard\AppData\Local\d3d9caps.dat
    2013-09-11 05:23 - 2010-06-19 02:31 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\vlc
    2013-09-11 05:05 - 2013-09-11 05:05 - 00024352 _____ C:\Users\Bernard\Desktop\dds.txt
    2013-09-11 04:41 - 2008-01-20 19:26 - 00246110 _____ C:\Windows\PFRO.log
    2013-09-11 04:10 - 2013-09-11 04:10 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Malwarebytes
    2013-09-11 04:09 - 2013-09-11 04:09 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-09-11 04:09 - 2013-09-11 04:09 - 00000000 ____D C:\Malwarebytes' Anti-Malware
    2013-09-11 04:02 - 2009-08-10 21:31 - 00000000 ____D C:\Program Installers
    2013-09-11 03:33 - 2013-09-11 03:33 - 00000000 ____D C:\Users\Bernard\Documents\HTST - Copy
    2013-09-11 03:13 - 2009-08-10 19:18 - 01245360 _____ C:\Windows\WindowsUpdate.log
    2013-09-11 03:08 - 2006-11-02 07:21 - 00411064 _____ C:\Windows\System32\FNTCACHE.DAT
    2013-09-11 01:23 - 2006-11-02 07:42 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-09-11 01:23 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-09-11 01:23 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-09-11 01:23 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-09-11 01:20 - 2009-08-10 23:31 - 00000000 ____D C:\BitComet
    2013-09-11 01:06 - 2009-09-13 18:57 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-09-11 00:52 - 2010-05-27 02:06 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-09-10 21:46 - 2009-08-12 00:00 - 00000000 ____D C:\Clips
    2013-09-10 16:27 - 2012-02-24 22:32 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2013-09-10 16:05 - 2009-08-11 21:22 - 00000000 ____D C:\Steam
    2013-09-10 14:12 - 2010-05-27 02:06 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-09-09 15:10 - 2013-09-08 21:29 - 00000000 ____D C:\Divinity Dragon Commander
    2013-09-09 02:52 - 2009-12-21 00:47 - 00000000 ____D C:\Movies
    2013-09-09 00:36 - 2006-11-02 04:46 - 00777444 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-09-09 00:28 - 2009-08-10 23:32 - 00000000 ____D C:\Torrents
    2013-09-08 22:55 - 2009-08-10 21:32 - 00000000 ____D C:\Mozilla Firefox
    2013-09-08 21:56 - 2013-09-08 21:56 - 00000000 ____D C:\Users\Bernard\Documents\Larian Studios
    2013-09-08 21:48 - 2013-09-08 21:48 - 00372488 _____ C:\Users\Bernard\AppData\Local\dd_vcredistMSI3AEB.txt
    2013-09-08 21:48 - 2013-09-08 21:48 - 00011462 _____ C:\Users\Bernard\AppData\Local\dd_vcredistUI3AEB.txt
    2013-09-08 21:47 - 2009-08-11 17:07 - 01084497 _____ C:\Windows\DirectX.log
    2013-09-08 21:01 - 2009-08-11 13:21 - 00000000 ____D C:\Games
    2013-09-07 17:35 - 2013-02-16 00:13 - 00000000 ____D C:\Strike Suit Zero
    2013-09-07 17:32 - 2008-05-12 10:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-09-07 16:55 - 2009-08-12 00:01 - 00022016 _____ C:\Users\Bernard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-09-07 16:51 - 2011-07-17 23:32 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\dvdcss
    2013-09-06 15:47 - 2010-12-05 16:47 - 00000000 ____D C:\Users\Bernard\AppData\Local\Paint.NET
    2013-08-30 23:18 - 2010-03-02 23:14 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Skype
    2013-08-30 12:45 - 2006-11-02 07:27 - 00156805 _____ C:\Windows\setupact.log
    2013-08-30 00:00 - 2009-08-11 02:48 - 00000000 ____D C:\Anime
    2013-08-22 21:11 - 2013-03-12 20:40 - 00000000 _____ C:\END
    2013-08-19 05:11 - 2010-10-20 23:05 - 00000000 ____D C:\ipad
    2013-08-14 01:47 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 13%
    Total physical RAM: 6142.39 MB
    Available physical RAM: 5322.3 MB
    Total Pagefile: 5721.81 MB
    Available Pagefile: 5298.5 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:687.32 GB) (Free:2.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.31 GB) (Free:1.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (USB DISK) (Removable) (Total:57.58 GB) (Free:0.3 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 699 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=687 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 58 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=58 GB) - (Type=0C)


    LastRegBack: 2013-09-11 15:43

    ==================== End Of Log ============================
  11. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Looks clean now.

    I need to know the last time (date) you were able to boot normally.

    You will need a USB flash drive.

    Download GETxPUD.exe to the desktop of your clean computer
    • Run GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Next download rst.sh to your USB flash drive
    • Remove the USB & CD and insert them in the sick computer
    • Boot the sick computer with the CD you just burned
    • The computer must be set to boot from the CD
    • Gently tap F12 and choose to boot from the CD
    • Follow the prompts
    • A Welcome to xPUD screen will appear
    • Press File
    • Expand mnt
    • sda1,2...usually corresponds to your HDD
    • sdb1 is likely your USB
    • Click on the folder that represents your USB drive (sdb1 ?)
    • Confirm that you see rst.sh that you downloaded there
    • Press Tool at the top
    • Choose Open Terminal
    • Type bash rst.sh
    • Press Enter
    • After it has finished a report will be located on your USB drive named enum.log
    • Remove the USB drive and insert it back in your working computer and navigate to enum.log

      Please note - all text entries are case sensitive
    Copy and paste the enum.log for my review
     
  12. squall23

    squall23 Newcomer, in training Topic Starter Posts: 43

    Does it have to be a CD? Can it be a DVD?
  13. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    DVD may work.
    Make sure you answer my question.
  14. squall23

    squall23 Newcomer, in training Topic Starter Posts: 43

    xPUD isn't working. Here's what I'm seeing:

    Fatal server error:
    no screens found

    Please consult the The X.Org Foundation support at http://wiki.x.org for help.
    Please also check the log file at "/var/log/Xorg.0.log" for additional information.

    ddxSigGiveUp: Closing Log
    [ 6.096902] sd 0:0:0:0: [sdb] Assuming drive cache: write through
    [ 6.101146] sd 0:0:0:0: [sdb] Assuming drive cache: write through
    [ 6.105648] sd 0:0:0:0: [sdb] Assuming drive cache: write through
    giving up.
    xinit: No such file or directory (errno 2): unable to connect to X server
    xinit: No such process (errno 3): Server error.
    xauth: (argv):1: bad display name "(none):0" in "remove" command
    sh: no job control in this shell
    sh-4.0#
  15. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    At what point are you getting such an error?

    My bed time is coming so what you can also try is to boot back to safe mode and try some restore point prior to the issue.
  16. squall23

    squall23 Newcomer, in training Topic Starter Posts: 43

    Right after choosing the language in xPUD.
  17. squall23

    squall23 Newcomer, in training Topic Starter Posts: 43

    Update: I can boot up Vista normally but it takes an extremely long time. My computer also slows down to a crawl once it's loaded up. So at least there's progress. I guess we'll continue this tomorrow, good night to you.
  18. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Very well :)

    Re-run DDS and MBAM in normal mode and post fresh logs.
    Make sure you update MBAM.
  19. squall23

    squall23 Newcomer, in training Topic Starter Posts: 43

    Sorry I got back to you so late, but my OS does load up and run at normal speed now. Also, may I know what was wrong with my computer and what you did to it to fix it? Because after the fix, I noticed that I could no longer mount images, and that uninstalling Daemon Tools would give me a BSOD. Anyway, here are the logs, MBAM first:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.16.01

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Bernard :: BERNARD-PC [administrator]

    16/09/2013 1:15:31 AM
    mbam-log-2013-09-16 (01-15-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 289187
    Time elapsed: 26 minute(s), 3 second(s)

    Memory Processes Detected: 1
    C:\Program Files (x86)\Wajam\Updater\WAJAMUPDATER.EXE (PUP.Optional.Wajam.A) -> 2940 -> No action taken.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 35
    HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\wajam.WajamBHO (PUP.Optional.Wajam.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
    HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
    HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (PUP.Funshion) -> No action taken.
    HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.JsObject (PUP.Funshion) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
    HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\wajam.WajamDownloader.1 (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\wajam.WajamDownloader (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken.
    HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> No action taken.
    HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> No action taken.
    HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> No action taken.
    HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> No action taken.
    HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> No action taken.
    HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> No action taken.
    HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> No action taken.
    HKLM\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> No action taken.

    Registry Values Detected: 2
    HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 5921 -> No action taken.
    HKLM\SOFTWARE\Wajam|red (PUP.Optional.Wajam.A) -> Data: 1 -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 4
    C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> No action taken.

    Files Detected: 12
    C:\Program Files (x86)\Wajam\Updater\WAJAMUPDATER.EXE (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\IE\PRIAM_BHO.DLL (PUP.Optional.Wajam.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\0YudRA7T.exe.part (PUP.Optional.SweetIM) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\ct2737658\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\ct2737658\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\ct2737658\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\ct2737658\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> No action taken.
    C:\Program Files (x86)\Wajam\Updater\update.exe (PUP.Optional.Wajam.A) -> No action taken.

    (end)
  20. squall23

    squall23 Newcomer, in training Topic Starter Posts: 43

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 10.13.2
    Run by Bernard at 21:30:57 on 2013-09-15
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\AVG\AVG2012\avgrsa.exe
    C:\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\AVG\AVG2012\avgnsa.exe
    c:\hp\HPEZBTN\HPBtnSrv.exe
    C:\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Hotspot Shield\bin\hsswd.exe
    C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\RadeonPro\RadeonProSupport.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Spybot - Search & Destroy\SDWinSec.exe
    C:\AVG\AVG2012\AVGIDSAgent.exe
    C:\WINDOWS\RAVCpl64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
    C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe
    C:\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\SysWOW64\conime.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Windows\system32\wuauclt.exe
    C:\Waterfox\waterfox.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    uProxyServer = hxxp=183.181.25.248:80
    uProxyOverride = 127.0.0.1:9421;*.local;<local>
    mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssie.dll
    BHO: 3F2D81A2-AB9C-DA82-039C-33E7BC2362D3 Class: {3F2D81A2-AB9C-DA82-039C-33E7BC2362D3} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\FlashGet\getflash.dll
    BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
    BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
    TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [igndlm.exe] C:\Download Manager\dlm.exe /windowsstart /startifwork
    uRun: [KiesHelper] C:\Samsung\Kies\KiesHelper.exe /s
    uRun: [Akamai NetSession Interface] "C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe"
    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    uRun: [DAEMON Tools Lite] "C:\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    mRun: [AVG_TRAY] "C:\AVG\AVG2012\avgtray.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Bernard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KUMA_T~1.LNK - C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe
    StartupFolder: C:\Users\Bernard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VIIKII~1.LNK - C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AWMOUS~1.LNK - C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &?????? - <no file>
    IE: &?????????? - <no file>
    IE: &Download All with FlashGet - C:\FlashGet\jc_all.htm
    IE: &Download with FlashGet - C:\FlashGet\jc_link.htm
    IE: &E1OAOAƒÊ‹IAOO - <no file>
    IE: &E1OAOAƒÊ‹IAOOEá2?AL?O - <no file>
    IE: &U????????? - <no file>
    IE: &U?????????????????? - <no file>
    IE: &UE1OAA~EEIAOO2‘EO2O - <no file>
    IE: &UE1OAA~EEIAOO2‘EO2O - <no file>
    IE: &UŽg—p•Äl‰º?›ó¾åU - <no file>
    IE: &UŽg—p•Äl‰º?›ó¾åU - <no file>
    IE: &E1OAOAƒÊ‹IAOO - <no file>
    IE: &E1OAOAƒÊ‹IAOOEá2?AL?O - <no file>
    IE: &Žg—p115?’`‰º? - <no file>
    IE: &Žg—p115?’`‰º?‘S•”?Ú - <no file>
    IE: &Žg—p?’`‰º? - <no file>
    IE: &Žg—p?’`‰º?‘S•”?Ú - <no file>
    IE: &ѸÀ×ÏÂÔص½ÊÖ» - <no file>
    IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download with Xilisoft Download YouTube Video - C:\Xilisoft\Download YouTube Video\upod_link.HTM
    IE: Download with Xilisoft YouTube Video Converter - C:\Xilisoft\YouTube Video Converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\AVG\AVG2012\avgdtiex.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\FlashGet.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/stg_drm.ocx
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/armhelper.ocx
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{081F9EF9-9B38-4560-8DE5-BCF5512DA67E} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{1E2774A5-2766-4D2A-9844-B884397420A9} : NameServer = 208.67.222.222,208.67.220.220
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\MP3 Skype Recorder\Skype4COM.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssiea.dll
    x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-Run: [RtHDVCpl] RAVCpl64.exe
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
    x64-Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    x64-Run: [IAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
    x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\AVG\AVG2012\avgdtiea.dll
    x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgppa.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\Bernard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\CSWebLauncher@cyberstep.com\plugins\npCsWebLauncher.dll
    FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_169.dll
    FF - ExtSQL: 2013-08-09 17:08; firefox@mega.co.nz; C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\firefox@mega.co.nz.xpi
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-14 8704]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-2-23 254528]
    R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-7-24 41704]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-26 239616]
    R2 AVGIDSAgent;AVGIDSAgent;C:\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
    R2 avgwd;AVG WatchDog;C:\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 HOSTNT;Hostnt;C:\Windows\System32\drivers\hostnt.sys [2012-5-13 13864]
    R2 HPBtnSrv;HP Chasis Button Service;C:\hp\HPEZBTN\HPBtnSrv.exe [2008-5-12 198240]
    R2 HssWd;Hotspot Shield Monitoring Service;C:\Hotspot Shield\bin\hsswd.exe [2012-7-24 387440]
    R2 RadeonPro Support Service;RadeonPro Support Service;C:\RadeonPro\RadeonProSupport.exe [2012-3-8 12800]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Spybot - Search & Destroy\SDWinSec.exe [2010-2-17 1153368]
    R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-7-26 109064]
    R2 YLMFVDISK;YLMF Virtual Diskette V1;C:\Windows\System32\drivers\VirtDisk64.sys [2012-4-14 23896]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-2-23 92176]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-5-8 411136]
    R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2008-5-12 405504]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 hshld;Hotspot Shield Service;C:\Hotspot Shield\bin\openvpnas.exe [2012-7-24 474992]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
    S3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2011-6-15 39424]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\BitComet\tools\BitCometService.exe -service --> C:\BitComet\tools\BitCometService.exe -service [?]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2008-5-12 1379584]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-12-18 121416]
    S3 ncvet.dll;ncvet.dll;C:\WINDOWS\Temp\ncvet.dll [2011-9-14 24144]
    S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2009-10-6 25088]
    S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2009-10-6 18944]
    S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2010-6-25 35344]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 X6va006;X6va006;C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [2012-3-17 17192]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-9-22 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-08-08 02:03:11 2775552 ----a-w- C:\Windows\System32\win32k.sys
    2013-08-07 10:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-31 14:17:31 17833472 ----a-w- C:\Windows\System32\mshtml.dll
    2013-07-31 13:42:12 10926080 ----a-w- C:\Windows\System32\ieframe.dll
    2013-07-31 13:29:19 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-07-31 13:20:02 1346560 ----a-w- C:\Windows\System32\urlmon.dll
    2013-07-31 13:19:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-07-31 13:18:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-07-31 13:17:24 237056 ----a-w- C:\Windows\System32\url.dll
    2013-07-31 13:16:12 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2013-07-31 13:14:29 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-07-31 13:13:07 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-07-31 13:13:05 816640 ----a-w- C:\Windows\System32\jscript.dll
    2013-07-31 13:11:46 2147840 ----a-w- C:\Windows\System32\iertutil.dll
    2013-07-31 13:11:41 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2013-07-31 13:09:35 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2013-07-31 13:08:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-07-31 13:05:14 248320 ----a-w- C:\Windows\System32\ieui.dll
    2013-07-31 10:30:56 12335104 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2013-07-31 10:05:18 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2013-07-31 10:00:20 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-07-31 09:53:17 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2013-07-31 09:52:44 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-07-31 09:52:34 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-07-31 09:51:29 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2013-07-31 09:49:58 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2013-07-31 09:48:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-07-31 09:48:28 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2013-07-31 09:48:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-07-31 09:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2013-07-31 09:46:37 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2013-07-31 09:45:59 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2013-07-31 09:45:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-07-31 09:42:36 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-07-16 09:25:53 689152 ----a-w- C:\Windows\System32\themeui.dll
    2013-07-16 04:35:16 615936 ----a-w- C:\Windows\SysWow64\themeui.dll
    2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll
    2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll
    2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll
    2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll
    2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe
    2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2010-08-03 17:11:16 819200 --sha-w- C:\Windows\SysWOW64\xvidcore.dll
    2010-08-03 17:11:16 180224 --sha-w- C:\Windows\SysWOW64\xvidvfw.dll
    .
    ============= FINISH: 21:32:38.05 ===============
  21. squall23


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    .
    Motherboard: PEGATRON CORPORATION | | Benicia
    Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | CPU 1 | 2400/267mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 687 GiB total, 7.143 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.504 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Description: A2IW4ESM IDE Controller
    Device ID: ACPI\PNPA000\4&5D18F2DF&0
    Manufacturer: (Standard mass storage controllers)
    Name: A2IW4ESM IDE Controller
    PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
    Service: a03dcln8
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    115UDown
    7-Zip 4.65 (x64 edition)
    7-Zip 9.20
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.2
    Adobe Shockwave Player 11.5
    Age of Empires III: Complete Collection
    Aion
    AirMech
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Alienware TactX(TM) Mouse CI 1.00
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    Any Video Converter 5 5.0.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Assassin's Creed Revelations
    Audacity 1.2.6
    Audiosurf
    AVG 2012
    Bandisoft MPEG-1 Decoder
    Battlelog Web Plugins
    Beat Hazard
    BIT.TRIP RUNNER (remove only)
    BitComet 1.14
    BitComet 1.31 64-bit
    Bonjour
    Call of Juarez The Cartel
    Capsule
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Cheat Engine 5.5
    Cheat Engine 5.6.1
    Cheat Engine 6.2
    CloneDVD2
    Combined Community Codec Pack 2011-07-30
    Command Center
    Compatibility Pack for the 2007 Office system
    Counter-Strike: Source
    Cucusoft YouTube Mate 7.18
    CyberLink DVD Suite Deluxe
    CyberLink PowerDirector
    D3DX10
    DAEMON Tools Lite
    Dark Souls Prepare to Die Edition
    Dark Souls Prepare To Die Edition version 5.1
    Dell Voice
    DH Mobility Modder.NET
    Diner Dash 2
    DiskAid 4.11
    Divinity: Dragon Commander
    Download Manager 2.3.6
    Driver San Francisco
    Driver Sweeper version 3.2.0
    Dual-Core Optimizer
    Enhanced Multimedia Keyboard Solution
    ESN Sonar
    Fable III
    Far Cry 3
    FlashGet 1.9.6.1073
    Free AVI MPEG WMV MP4 FLV Video Joiner 5.0.2
    Free Video Joiner 1.1
    FreeArc 0.666
    FreeOnlineRadioPlayerRecorder Toolbar
    Freez FLV to MP3 Converter
    Game Dev Tycoon DEMO version 1.0.1
    Game Dev Tycoon v1.3.2 (c) Greenheart Games version 1
    GamersFirst LIVE!
    GenesisAD_Setup
    GOM Player
    GOMTV Streamer
    Google Earth Plug-in
    Google Update Helper
    GrandDog Run Time System V1.0.35
    Hamachi 1.0.3.0
    Hardware Diagnostic Tools
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hex Workshop v6
    HF pAppLoc version 1.0
    Hi-Rez Studios Authenticate and Update Service
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotspot Shield 2.65
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Easy Setup - Frontend
    HP Picasso Media Center Add-In
    HP Total Care Advisor
    HP Update
    HuxleyTheDystopia
    iFunbox (v2.6.2375.747), iFunbox DevTeam
    ijji Auto Installer
    ILLUSION@ƒWƒ“ƒRƒEƒKƒNƒGƒ“ ‚«‚á‚ç‚ß‚¢‚
    ImgBurn
    Intel(R) Matrix Storage Manager
    iPhone Explorer 2.102
    iTunes
    Java 7 Update 13
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) SE Runtime Environment 6 Update 1
    JDownloader 2
    LabelPrint
    League of Legends
    Left 4 Dead 2 Add-on Support
    LightScribe System Software 1.12.37.1
    LightScribeTemplateLabeler
    Malwarebytes Anti-Malware version 1.75.0.1300
    Max Payne 3
    MD5 Checker version 4.0.0
    Mega Manager
    MegaTrainer eXperience V1.1.1.1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 60 day trial
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    Microsoft Windows Application Compatibility Database
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    MIKSOFT Mobile AMR converter
    MKVtoolnix 4.7.0
    MotioninJoy Gamepad tool 0.7.1001
    Mozilla Firefox 7.0.1 (x86 en-GB)
    MP3 Skype Recorder
    Mp3tag v2.49
    MSVC80_x64_v2
    MSVC80_x86_v2
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    Natural Selection 2
    NCsoft Launcher
    Neffy 1,2,4,0
    Nexon Game Manager
    Nitronic Rush (2011-11-11) version 20111111.0
    Nokia Connectivity Cable Driver
    Notepad++
    NVIDIA Drivers
    NVIDIA PhysX
    OGPlanet Game Launcher
    OpenAL
    Origin
    Paint.NET v3.5.6
    Pando Media Booster
    PC Connectivity Solution
    PCSX2 - Playstation 2 Emulator
    Pcsx2 0.9.6
    Pcsx2 Cheat converter
    piaip AppLocale
    PlanetSide 2
    plist Editor Pro 2.0.0
    PlugLink 9650 Utility
    Poker Night 2
    Power2Go
    PS3 Cheats Editor
    PunkBuster Services
    Python 2.5
    QuickTime
    RadeonPro 1.0 (Build 1.1.0.6)
    RapidLinkConverter
    RaySource 2.1.10.8366
    REACTOR
    Real Alternative 2.0.0
    Realtek High Definition Audio Driver
    Recettear: An Item Shop's Tale
    Recettear: An Item Shop's Tale - Demo
    redist
    RoboForm 7-7-4 (All Users)
    Rockstar Games Social Club
    SD Gundam Capsule Fighter
    Search Protect by conduit
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
    Segoe UI
    Skype Toolbars
    Skype? 6.3
    Soft Data Fax Modem with SmartCP
    Sonic and All Stars Racing Transformed (c) SEGA version 1
    Sony Ericsson DRM Packager 1.35
    Source SDK Base 2007
    Spybot - Search & Destroy
    StarCraft II
    Steam
    Super Street Fighter IV: Arcade Edition
    SWF Opener
    Team Fortress 2
    The Sims? 3
    The Sims? 3 Late Night
    The Sims? 3 Master Suite Stuff
    The Witcher 2
    Tom Clancy's Ghost Recon Future Soldier
    Ubisoft Game Launcher
    Ultimate Knight ƒEƒBƒ“ƒ_ƒ€XP
    Unity Web Player
    Universal Document Converter (Demo)
    UnLock Root 3.1.1
    UnLock Root Pro 3.41
    UNO - Undercover
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Uplay
    URL Snooper v2.29.01
    Ventrilo Client for Windows x64
    VirtualCloneDrive
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.0.5
    VueScan
    Wajam
    Warcraft III
    Warcraft III: All Products
    Waterfox
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinPcap 4.1.2
    WinRAR archiver
    WinSCP 4.3.2
    WMPTagSupportExtender
    Xilisoft Download YouTube Video
    Xilisoft YouTube Video Converter
    Xiph.Org Open Codecs 0.85.17777
    Yahoo! Messenger
    Yahoo! Toolbar
    ƒcƒSƒEƒmƒCƒC”ޏ—ƒ^ƒ`
    ‰Š‚Ì›s‚Ü‚¹‚¨‚Á‚Ï‚¢“û“¯‹‰¶
    .
    ==== Event Viewer Messages From Past Week ========
    .
    15/09/2013 9:28:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    15/09/2013 9:21:03 PM, Error: Service Control Manager [7023] - The Secure Socket Tunneling Protocol Service service terminated with the following error: The system cannot find the file specified.
    15/09/2013 9:21:03 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The system cannot find the file specified.
    15/09/2013 9:04:02 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
    15/09/2013 9:01:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
    15/09/2013 9:00:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    15/09/2013 9:00:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EMDMgmt service.
    15/09/2013 8:59:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    15/09/2013 8:59:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the XAudioService service to connect.
    15/09/2013 8:59:11 PM, Error: Service Control Manager [7000] - The XAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/09/2013 8:58:49 PM, Error: Service Control Manager [7001] - The NVIDIA Display Driver Service service depends on the nvlddmkm service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    15/09/2013 8:57:08 PM, Error: EventLog [6008] - The previous system shutdown at 20:53:10 on 2013/09/15 was unexpected.
    15/09/2013 8:57:07 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    15/09/2013 8:39:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    15/09/2013 4:49:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the RadeonPro Support Service service to connect.
    15/09/2013 4:49:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.
    15/09/2013 4:49:35 PM, Error: Service Control Manager [7000] - The RadeonPro Support Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    14/09/2013 4:11:51 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service has not been started.
    13/09/2013 3:01:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    13/09/2013 3:01:41 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    13/09/2013 3:00:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
  22. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Long story short, we removed a lot of infections, but we still have a long way to go.

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post a new log.

    Next...

    Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  23. squall23

    squall23 Newcomer, in training Topic Starter Posts: 43

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.16.01

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Bernard :: BERNARD-PC [administrator]

    16/09/2013 5:46:29 PM
    mbam-log-2013-09-16 (17-46-29).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 289078
    Time elapsed: 27 minute(s), 46 second(s)

    Memory Processes Detected: 1
    C:\Program Files (x86)\Wajam\Updater\WAJAMUPDATER.EXE (PUP.Optional.Wajam.A) -> 3624 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 35
    HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\wajam.WajamBHO (PUP.Optional.Wajam.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
    HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
    HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (PUP.Funshion) -> No action taken.
    HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.JsObject (PUP.Funshion) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
    HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\wajam.WajamDownloader.1 (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\wajam.WajamDownloader (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken.
    HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> No action taken.
    HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> No action taken.
    HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> No action taken.
    HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> No action taken.
    HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> No action taken.
    HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> No action taken.
    HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 5921 -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Wajam|red (PUP.Optional.Wajam.A) -> Data: 1 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 4
    C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> Delete on reboot.
    C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> Delete on reboot.

    Files Detected: 12
    C:\Users\Bernard\AppData\Local\Temp\0YudRA7T.exe.part (PUP.Optional.SweetIM) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\ct2737658\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\ct2737658\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\ct2737658\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Bernard\AppData\Local\Temp\ct2737658\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Program Files (x86)\Wajam\Updater\WAJAMUPDATER.EXE (PUP.Optional.Wajam.A) -> Delete on reboot.
    C:\Program Files (x86)\Wajam\IE\PRIAM_BHO.DLL (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Wajam\Updater\update.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.

    (end)
  24. squall23

    squall23 Newcomer, in training Topic Starter Posts: 43

    RogueKiller V8.6.11 _x64_ [Sep 11 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Bernard [Admin rights]
    Mode : Scan -- Date : 09/18/2013 01:00:54
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH][DLL] explorer.exe -- C:\Users\Bernard\AppData\Roaming\115\Box\Sync115Ext64.dll [x] -> UNLOADED

    ¤¤¤ Registry Entries : 11 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=183.181.25.248:80) -> FOUND
    [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [WALLPAPER] HKCU\[...]\Desktop : WallPaper (C:\Users\Bernard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg) -> FOUND

    ¤¤¤ Scheduled tasks : 2 ¤¤¤
    [V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [x] -> FOUND
    [V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [x] -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [Tr.Karagany][Folder] plugs : C:\Users\Bernard\AppData\Roaming\Adobe\plugs [-] --> FOUND
    [Tr.Karagany][Folder] shed : C:\Users\Bernard\AppData\Roaming\Adobe\shed [-] --> FOUND

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3750640AS +++++
    --- User ---
    [MBR] 7d81043d3a5b3b68e62533f756bcbed1
    [BSP] cbe1a3892920c024e3e7b9efc684338e : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 703816 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1441416060 | Size: 11585 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: ST3750640AS +++++
    --- User ---
    [MBR] 86dee91c58569e06a35abbe4e32e8844
    [BSP] d2cf106ef547eb0f1e1d898de4c244d8 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: ST3750640AS +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: ST3750640AS +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive4: ST3750640AS +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[0]_S_09182013_010054.txt >>
  25. squall23

    squall23 Newcomer, in training Topic Starter Posts: 43

    RogueKiller V8.6.11 _x64_ [Sep 11 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Bernard [Admin rights]
    Mode : Remove -- Date : 09/18/2013 03:24:05
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH][DLL] explorer.exe -- C:\Users\Bernard\AppData\Roaming\115\Box\Sync115Ext64.dll [x] -> UNLOADED

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [WALLPAPER] HKCU\[...]\Desktop : WallPaper (C:\Users\Bernard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg) -> REPLACED (C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp)

    ¤¤¤ Scheduled tasks : 2 ¤¤¤
    [V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [x] -> DELETED
    [V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [x] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [Tr.Karagany][Folder] plugs : C:\Users\Bernard\AppData\Roaming\Adobe\plugs [-] --> DELETED
    [Tr.Karagany][Folder] shed : C:\Users\Bernard\AppData\Roaming\Adobe\shed [-] --> DELETED

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3750640AS +++++
    --- User ---
    [MBR] 7d81043d3a5b3b68e62533f756bcbed1
    [BSP] cbe1a3892920c024e3e7b9efc684338e : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 703816 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1441416060 | Size: 11585 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: ST3750640AS +++++
    --- User ---
    [MBR] 86dee91c58569e06a35abbe4e32e8844
    [BSP] d2cf106ef547eb0f1e1d898de4c244d8 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: ST3750640AS +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: ST3750640AS +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive4: ST3750640AS +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[0]_D_09182013_032405.txt >>
    RKreport[0]_S_09182013_010054.txt

