Heuristics.reserved.word.exploit

Solved
By TrunkMonkey
Jan 8, 2013
Two days ago my machine began to act strangely, so I did some googling based on Windows messages I was getting. That brought me to downloading a free trial of MalwareBytes Pro, which found 2 instances of this malware. I instructed MB to delete these files. For a while I thought I was in the clear, but now I'm pretty sure I need your help. Here are the three requested logs:


    Malwarebytes Anti-Malware (PRO) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.08.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Justin Sidwell :: TOWEROFPOWER10 [administrator]

    Protection: Enabled

    1/8/2013 10:49:25 AM
    mbam-log-2013-01-08 (10-49-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 229765
    Time elapsed: 4 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    DDS (attach.txt)
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/23/2010 1:15:33 AM
    System Uptime: 1/8/2013 10:44:17 AM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A87TD EVO
    Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 784/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 343.545 GiB free.
    D: is CDROM ()
    E: is FIXED (FAT32) - 1 GiB total, 0.656 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP466: 1/5/2013 4:53:03 AM - IObit Uninstaller restore point
    RP467: 1/5/2013 4:54:23 AM - IObit Uninstaller restore point
    RP468: 1/5/2013 9:48:29 AM - Windows Update
    RP470: 1/5/2013 5:28:50 PM - Windows Update
    RP471: 1/5/2013 7:20:03 PM - Windows Update
    RP472: 1/6/2013 12:32:32 AM - Installed Microsoft Fix it 50897
    RP473: 1/6/2013 1:41:10 AM - xml bullshit
    RP474: 1/6/2013 6:01:09 AM - Restore Operation
    RP475: 1/6/2013 7:23:05 AM - Windows Update
    RP476: 1/6/2013 12:45:55 PM - stable
    RP477: 1/6/2013 1:09:02 PM - stable
    RP478: 1/6/2013 10:35:36 PM - IObit Uninstaller restore point
    RP479: 1/6/2013 10:38:05 PM - IObit Uninstaller restore point
    RP480: 1/6/2013 10:41:16 PM - Removed TurboV EVO
    RP481: 1/6/2013 10:42:19 PM - IObit Uninstaller restore point
    RP482: 1/6/2013 10:42:35 PM - Removed TurboV EVO
    RP483: 1/6/2013 11:19:26 PM - IObit Uninstaller restore point
    RP484: 1/6/2013 11:23:33 PM - IObit Uninstaller restore point
    RP485: 1/6/2013 11:24:29 PM - IObit Uninstaller restore point
    RP486: 1/6/2013 11:24:53 PM - Removed JMicron JMB36X Driver
    RP487: 1/7/2013 4:27:22 PM - reg assassin
    RP488: 1/7/2013 6:10:17 PM - IObit Uninstaller restore point
    RP489: 1/7/2013 7:30:17 PM - Removed Java 7 Update 9
    RP490: 1/8/2013 3:15:35 AM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    64 Bit HP CIO Components Installer
    7-Zip 9.20 (x64 edition)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    Akamai NetSession Interface
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD System Monitor
    AMD VISION Engine Control Center
    Call of Duty(R) 4 - Modern Warfare(TM) Demo
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    DocProc
    Doom 3
    Dropbox
    eReg
    Geekbench 2.4
    Google Chrome
    Google Update Helper
    Half-Life 2
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Half-Life 2: Lost Coast
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    Java 7 Update 9
    Java Auto Updater
    Logitech Harmony Remote Software 7
    Logitech SetPoint 6.30
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Manager
    MyFreeCodec
    NEC Electronics USB 3.0 Host Controller Driver
    neroxml
    NETGEAR GA311 Gigabit Adapter
    Platform
    Portal
    Portal 2
    Radeon RAMDisk
    Realtek Ethernet Controller Driver For Windows 7
    Remote Control USB Driver
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Smart Defrag 2
    SmartPack 1.21.0
    SmartWebPrinting
    Steam
    Team Fortress 2
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VCRedistSetup
    VIA Platform Device Manager
    VLC media player 2.0.5
    Windows 7 Logon Background Changer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/8/2013 3:53:30 AM, Error: Microsoft-Windows-HttpEvent [15006] - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.
    1/8/2013 3:21:29 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.141.3310.0;1.141.3310.0 Engine version: 1.1.9002.0
    1/8/2013 12:54:52 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{F9E98BE2-3828-45B7-A2B7-D61FD2EF7F5B} because another computer on the network has the same name. The server could not start.
    1/8/2013 11:04:22 AM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    1/8/2013 10:44:26 AM, Error: volmgr [46] - Crash dump initialization failed!
    1/8/2013 1:49:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    1/7/2013 4:24:57 PM, Error: Schannel [36888] - The following fatal alert was generated: 70. The internal error state is 105.
    1/7/2013 11:54:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    1/7/2013 10:27:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    1/6/2013 6:12:20 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.141.3214.0;1.141.3214.0 Engine version: 1.1.9002.0
    1/6/2013 4:30:05 AM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
    1/6/2013 4:30:05 AM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
    1/6/2013 4:30:05 AM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
    1/6/2013 11:28:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    1/6/2013 1:57:57 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024864.
    1/6/2013 1:57:57 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070020.
    1/5/2013 3:16:48 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    .
    ==== End Of File ===========================


    DDS (DDS.txt)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by Justin Sidwell at 11:04:34 on 2013-01-08
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.1623 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\DAODx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
    C:\Program Files (x86)\Netgear\WIN7_GA311\GA311.exe
    C:\Program Files (x86)\Netgear\WIN7_GA311\GA311.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k PeerDist
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\snmptrap.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Users\Justin Sidwell\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\Logitech\SetPointG\SetPointII.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe
    C:\Program Files\Common Files\LogiShrd\sp6\LU\LogitechUpdate.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    uProxyOverride = <local>
    mWinlogon: Userinit = userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: {0347C33E-8762-4905-BF09-768834316C61} - <orphaned>
    BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - <orphaned>
    BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - <orphaned>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - <orphaned>
    EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
    uRun: [Google Update] "C:\Users\Justin Sidwell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
    mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\JUSTIN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Justin Sidwell\AppData\Roaming\Dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Windows\System: UseOEMBackground = dword:1
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{07C7AB6D-61BF-417C-8263-713ADE83B628} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{F9E98BE2-3828-45B7-A2B7-D61FD2EF7F5B} : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-12-17 17720]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-2 240640]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-2 361984]
    R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2012-12-23 109056]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-7 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-7 682344]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-7-5 27136]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
    R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2008-1-17 18816]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-7 24176]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
    R3 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2012-11-29 73552]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-3-2 1301504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2010-12-26 46136]
    S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-7-5 35840]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-12-24 102368]
    S3 G311N6;NETGEAR GA311 Gigabit Driver;C:\Windows\System32\drivers\G311N6.sys [2011-7-5 347680]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-6 19456]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-12-24 203104]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-6 57856]
    S3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2012-3-4 13312]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-23 1255736]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-01-08 13:42:19  9125352  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED7B033D-3272-452F-8282-8326EA4A0269}\mpengine.dll
    2013-01-08 12:39:25  0  ----a-w-  C:\Windows\System32\OLEPRO32.DLL
    2013-01-08 12:39:25  0  ----a-w-  C:\Windows\System32\atiumdva.dll
    2013-01-08 12:39:25  0  ----a-w-  C:\Windows\System32\atiumdag.dll
    2013-01-08 12:39:25  0  ----a-w-  C:\Windows\System32\atiu9pag.dll
    2013-01-08 12:39:25  0  ----a-w-  C:\Windows\System32\aticfx32.dll
    2013-01-08 10:04:46  9125352  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-08 01:24:49  --------  d-----w-  C:\MATS
    2013-01-07 17:37:26  24176  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2013-01-07 17:37:26  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-07 05:25:15  315904  ----a-w-  C:\Windows\SysWow64\Difx9cda.rra
    2013-01-07 03:50:20  --------  d-----w-  C:\ProgramData\Spybot - Search & Destroy
    2013-01-07 03:50:20  --------  d-----w-  C:\Program Files (x86)\Spybot - Search & Destroy
    2013-01-06 22:50:22  --------  d-----w-  C:\Users\Justin Sidwell\AppData\Roaming\start
    2013-01-06 08:31:17  --------  d-----w-  C:\Users\Justin Sidwell\AppData\Roaming\Malwarebytes
    2013-01-06 08:30:53  --------  d-----w-  C:\ProgramData\Malwarebytes
    2013-01-06 01:45:41  --------  d-----w-  C:\ProgramData\Kaspersky Lab
    2013-01-06 01:45:41  --------  d-----w-  C:\Program Files (x86)\Kaspersky Lab
    2013-01-05 12:38:12  --------  d-----w-  C:\Program Files (x86)\Resource Hacker
    2013-01-05 06:23:15  --------  d-----w-  C:\Program Files (x86)\AMD AVT
    2013-01-05 06:23:09  --------  d-----w-  C:\Program Files (x86)\AMD APP
    2013-01-05 06:22:54  --------  d-----w-  C:\Program Files\Common Files\ATI Technologies
    2013-01-05 06:22:54  --------  d-----w-  C:\Program Files (x86)\Common Files\ATI Technologies
    2013-01-05 06:18:27  --------  d-----w-  C:\Program Files (x86)\ATI Technologies
    2013-01-05 06:18:19  --------  d-----w-  C:\Program Files\ATI
    2013-01-05 06:17:39  --------  d-----w-  C:\Program Files\ATI Technologies
    2013-01-04 20:30:17  --------  d--h--w-  C:\Program Files (x86)\Zero G Registry
    2013-01-04 20:30:17  --------  d-----w-  C:\Program Files (x86)\Skifta
    2013-01-04 20:27:58  --------  d--h--w-  C:\Users\Justin Sidwell\InstallAnywhere
    2013-01-04 20:27:57  --------  d-----w-  C:\tmp
    2013-01-02 23:33:31  53248  ----a-r-  C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2013-01-01 15:45:09  16363960  ----a-w-  C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2013-01-01 10:08:34  --------  d-----w-  C:\Users\Justin Sidwell\AppData\Local\Logishrd
    2012-12-28 07:12:47  --------  d-----w-  C:\Windows\pss
    2012-12-27 18:53:20  --------  d-----w-  C:\Program Files (x86)\Radeon RAMDisk
    2012-12-27 07:59:26  --------  d-----w-  C:\Program Files\LockHunter
    2012-12-27 01:31:23  18960  ----a-w-  C:\Windows\System32\drivers\LNonPnP.sys
    2012-12-27 01:25:58  --------  d-----w-  C:\Users\Justin Sidwell\AppData\Roaming\Logishrd
    2012-12-26 08:24:36  13368  ----a-w-  C:\Windows\SysWow64\drivers\AsUpIO.sys
    2012-12-26 04:51:33  972264  ------w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF887FDD-C14B-4F5D-9DCF-6ABC14527719}\gapaengine.dll
    2012-12-25 09:28:05  9125352  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A8E69ADD-41CB-4D51-B163-46B0F9208C22}\mpengine.dll
    2012-12-25 00:00:48  --------  d-----w-  C:\Windows\System32\catroot2
    2012-12-24 15:15:51  --------  d-----w-  C:\Users\Justin Sidwell\AppData\Local\ElevatedDiagnostics
    2012-12-24 07:27:09  203104  ----a-w-  C:\Windows\System32\drivers\ssudmdm.sys
    2012-12-24 07:27:08  102368  ----a-w-  C:\Windows\System32\drivers\ssudbus.sys
    2012-12-24 07:24:44  --------  d-----w-  C:\Program Files (x86)\MarkAny
    2012-12-23 15:40:09  --------  d-----w-  C:\ProgramData\ASUS OC Profiles
    2012-12-23 15:34:58  24576  ----a-w-  C:\Windows\SysWow64\AsIO.dll
    2012-12-23 15:34:58  13440  ----a-w-  C:\Windows\SysWow64\drivers\AsIO.sys
    2012-12-23 15:33:05  225280  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-12-23 12:26:52  --------  d-sh--w-  C:\$RECYCLE.BIN
    2012-12-23 11:15:38  --------  d-----w-  C:\Program Files (x86)\AMD
    2012-12-23 11:15:04  16896  ----a-w-  C:\Windows\AsTaskSched.dll
    2012-12-23 10:44:40  --------  d-----w-  C:\Users\Justin Sidwell\AppData\Local\Akamai
    2012-12-21 20:35:35  46080  ----a-w-  C:\Windows\System32\atmlib.dll
    2012-12-21 20:35:35  34304  ----a-w-  C:\Windows\SysWow64\atmlib.dll
    2012-12-21 20:35:34  367616  ----a-w-  C:\Windows\System32\atmfd.dll
    2012-12-21 20:35:33  295424  ----a-w-  C:\Windows\SysWow64\atmfd.dll
    2012-12-21 04:13:33  --------  d-----w-  C:\Program Files (x86)\ASUS
    2012-12-18 05:28:56  32600  ----a-w-  C:\Windows\System32\SmartDefragBootTime.exe
    2012-12-18 05:28:46  17720  ----a-w-  C:\Windows\System32\drivers\SmartDefragDriver.sys
    2012-12-17 17:07:23  --------  d-----w-  C:\ProgramData\AVAST Software
    2012-12-17 17:07:23  --------  d-----w-  C:\Program Files\AVAST Software
    2012-12-16 06:33:15  --------  dc----w-  C:\Users\Justin Sidwell\AppData\Local\MigWiz
    2012-12-12 05:02:49  2048  ----a-w-  C:\Windows\SysWow64\tzres.dll
    2012-12-12 05:01:58  7680  ----a-w-  C:\Windows\SysWow64\instnm.exe
    2012-12-10 16:42:49  95208  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ==================== Find3M ====================
    .
    2013-01-07 05:04:18  123704  ----a-w-  C:\Windows\System32\drivers\jraid.sys
    2013-01-01 15:45:19  73656  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-01 15:45:19  697272  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-10 16:42:35  821736  ----a-w-  C:\Windows\SysWow64\npdeployJava1.dll
    2012-12-10 16:42:35  746984  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
    2012-12-02 09:26:50  222720  ----a-w-  C:\Windows\System32\clinfo.exe
    2012-12-02 09:26:32  76288  ----a-w-  C:\Windows\System32\OpenVideo64.dll
    2012-12-02 09:26:28  65536  ----a-w-  C:\Windows\SysWow64\OpenVideo.dll
    2012-12-02 09:26:24  64512  ----a-w-  C:\Windows\System32\OVDecode64.dll
    2012-12-02 09:26:20  56320  ----a-w-  C:\Windows\SysWow64\OVDecode.dll
    2012-12-02 09:26:10  34523136  ----a-w-  C:\Windows\System32\amdocl64.dll
    2012-12-02 09:21:22  28738048  ----a-w-  C:\Windows\SysWow64\amdocl.dll
    2012-12-02 09:17:02  54784  ----a-w-  C:\Windows\System32\OpenCL.dll
    2012-12-02 09:16:58  50176  ----a-w-  C:\Windows\SysWow64\OpenCL.dll
    2012-12-02 08:31:34  5626536  ----a-w-  C:\Windows\SysWow64\atiumdag.dll
    2012-12-02 08:29:48  11270656  ----a-w-  C:\Windows\System32\drivers\atikmdag.sys
    2012-12-02 08:17:12  23455744  ----a-w-  C:\Windows\System32\atio6axx.dll
    2012-12-02 08:00:18  163840  ----a-w-  C:\Windows\System32\atiapfxx.exe
    2012-12-02 07:59:56  70144  ----a-w-  C:\Windows\System32\coinst_9.01.8.dll
    2012-12-02 07:58:44  51200  ----a-w-  C:\Windows\System32\aticalrt64.dll
    2012-12-02 07:58:42  46080  ----a-w-  C:\Windows\SysWow64\aticalrt.dll
    2012-12-02 07:58:36  44544  ----a-w-  C:\Windows\System32\aticalcl64.dll
    2012-12-02 07:58:34  44032  ----a-w-  C:\Windows\SysWow64\aticalcl.dll
    2012-12-02 07:58:24  16082944  ----a-w-  C:\Windows\System32\aticaldd64.dll
    2012-12-02 07:57:54  18979328  ----a-w-  C:\Windows\SysWow64\atioglxx.dll
    2012-12-02 07:54:08  13703168  ----a-w-  C:\Windows\SysWow64\aticaldd.dll
    2012-12-02 07:50:46  949248  ----a-w-  C:\Windows\SysWow64\aticfx32.dll
    2012-12-02 07:48:52  1137664  ----a-w-  C:\Windows\System32\aticfx64.dll
    2012-12-02 07:46:46  6684672  ----a-w-  C:\Windows\SysWow64\atidxx32.dll
    2012-12-02 07:41:44  4674048  ----a-w-  C:\Windows\System32\atiumd6a.dll
    2012-12-02 07:37:46  442368  ----a-w-  C:\Windows\System32\atidemgy.dll
    2012-12-02 07:37:36  548864  ----a-w-  C:\Windows\System32\atieclxx.exe
    2012-12-02 07:36:50  240640  ----a-w-  C:\Windows\System32\atiesrxx.exe
    2012-12-02 07:35:26  120320  ----a-w-  C:\Windows\System32\atitmm64.dll
    2012-12-02 07:35:10  21504  ----a-w-  C:\Windows\System32\atimuixx.dll
    2012-12-02 07:35:04  59392  ----a-w-  C:\Windows\System32\atiedu64.dll
    2012-12-02 07:35:00  43520  ----a-w-  C:\Windows\SysWow64\ati2edxx.dll
    2012-12-02 07:29:30  3862528  ----a-w-  C:\Windows\SysWow64\atiumdva.dll
    2012-12-02 07:29:04  7378944  ----a-w-  C:\Windows\System32\atidxx64.dll
    2012-12-02 07:24:50  6781440  ----a-w-  C:\Windows\System32\atiumd64.dll
    2012-12-02 07:17:54  56320  ----a-w-  C:\Windows\System32\atimpc64.dll
    2012-12-02 07:17:54  56320  ----a-w-  C:\Windows\System32\amdpcom64.dll
    2012-12-02 07:17:44  56832  ----a-w-  C:\Windows\SysWow64\atimpc32.dll
    2012-12-02 07:17:44  56832  ----a-w-  C:\Windows\SysWow64\amdpcom32.dll
    2012-12-02 07:14:28  53248  ----a-w-  C:\Windows\System32\drivers\ati2erec.dll
    2012-12-02 07:14:10  619008  ----a-w-  C:\Windows\System32\atiadlxx.dll
    2012-12-02 07:14:00  421888  ----a-w-  C:\Windows\SysWow64\atiadlxy.dll
    2012-12-02 07:13:44  17920  ----a-w-  C:\Windows\System32\atig6pxx.dll
    2012-12-02 07:13:42  14848  ----a-w-  C:\Windows\SysWow64\atiglpxx.dll
    2012-12-02 07:13:42  14848  ----a-w-  C:\Windows\System32\atiglpxx.dll
    2012-12-02 07:13:38  41984  ----a-w-  C:\Windows\System32\atig6txx.dll
    2012-12-02 07:13:30  33280  ----a-w-  C:\Windows\SysWow64\atigktxx.dll
    2012-12-02 07:13:20  546816  ----a-w-  C:\Windows\System32\drivers\atikmpag.sys
    2012-12-02 07:11:28  130048  ----a-w-  C:\Windows\System32\atiuxp64.dll
    2012-12-02 07:11:20  109568  ----a-w-  C:\Windows\SysWow64\atiuxpag.dll
    2012-12-02 07:11:14  104448  ----a-w-  C:\Windows\System32\atiu9p64.dll
    2012-12-02 07:11:04  83968  ----a-w-  C:\Windows\SysWow64\atiu9pag.dll
    2012-11-29 17:50:06  73552  ----a-w-  C:\Windows\System32\drivers\RAMDiskVE.sys
    2012-11-22 03:26:40  3149824  ----a-w-  C:\Windows\System32\win32k.sys
    2012-11-14 06:11:44  2312704  ----a-w-  C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11  1392128  ----a-w-  C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46  599040  ----a-w-  C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22  1800704  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27  420864  ----a-w-  C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09  2048  ----a-w-  C:\Windows\System32\tzres.dll
    2012-11-02 05:59:11  478208  ----a-w-  C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31  376832  ----a-w-  C:\Windows\SysWow64\dpnet.dll
    2012-10-29 18:10:02  4659712  ----a-w-  C:\Windows\SysWow64\Redemption.dll
    2012-10-29 18:09:28  90112  ----a-w-  C:\Windows\MAMCityDownload.ocx
    2012-10-29 18:09:28  330240  ----a-w-  C:\Windows\MASetupCaller.dll
    2012-10-29 18:09:28  30568  ----a-w-  C:\Windows\MusiccityDownload.exe
    2012-10-29 18:09:26  821824  ----a-w-  C:\Windows\SysWow64\dgderapi.dll
    2012-10-16 08:38:37  135168  ----a-w-  C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34  350208  ----a-w-  C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52  561664  ----a-w-  C:\Windows\apppatch\AcLayers.dll
    2012-10-15 16:54:00  25472  ----a-w-  C:\Windows\System32\RegistryDefragBootTime.exe
    .
    ============= FINISH: 11:07:09.58 ===============
  2. Jay Pfoutz (Malware Helper)

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.


    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report in your next reply; it will open automatically, or can be found at "C:\Combo-Fix.txt".
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  3. TrunkMonkey (Topic Starter)

    ComboFix 13-01-08.01 - Justin Sidwell 01/08/2013 17:19:57.1.6 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.1727 [GMT -6:00]
    Running from: c:\users\Justin Sidwell\Desktop\Project Mr. Clean\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\Justin Sidwell\AppData\Roaming\Geanyz
    c:\users\Justin Sidwell\AppData\Roaming\Geanyz\omguf.yle
    c:\users\Justin Sidwell\AppData\Roaming\Start
    c:\users\Justin Sidwell\AppData\Roaming\Start\temp_20E5ACDA\flash.10.0.32.18.ocx
    c:\windows\SysWow64\local.txt
    c:\windows\SysWow64\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-08 23:26 . 2013-01-08 23:26  --------  d-----w-  c:\users\Guest\AppData\Local\temp
    2013-01-08 23:26 . 2013-01-08 23:26  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2013-01-08 13:42 . 2012-11-08 15:24  9125352  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED7B033D-3272-452F-8282-8326EA4A0269}\mpengine.dll
    2013-01-08 12:39 . 2013-01-08 12:39  0  ----a-w-  c:\windows\system32\OLEPRO32.DLL
    2013-01-08 12:39 . 2013-01-08 12:39  0  ----a-w-  c:\windows\system32\atiumdva.dll
    2013-01-08 12:39 . 2013-01-08 12:39  0  ----a-w-  c:\windows\system32\atiumdag.dll
    2013-01-08 12:39 . 2013-01-08 12:39  0  ----a-w-  c:\windows\system32\atiu9pag.dll
    2013-01-08 12:39 . 2013-01-08 12:39  0  ----a-w-  c:\windows\system32\aticfx32.dll
    2013-01-08 10:04 . 2012-11-08 15:24  9125352  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-08 01:24 . 2013-01-08 01:43  --------  d-----w-  C:\MATS
    2013-01-07 17:37 . 2013-01-07 17:37  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-07 17:37 . 2012-12-14 22:49  24176  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2013-01-07 05:25 . 2009-07-14 01:15  315904  ----a-w-  c:\windows\SysWow64\Difx9cda.rra
    2013-01-07 03:50 . 2013-01-07 03:58  --------  d-----w-  c:\program files (x86)\Spybot - Search & Destroy
    2013-01-07 03:50 . 2013-01-07 03:55  --------  d-----w-  c:\programdata\Spybot - Search & Destroy
    2013-01-06 08:31 . 2013-01-06 08:31  --------  d-----w-  c:\users\Justin Sidwell\AppData\Roaming\Malwarebytes
    2013-01-06 08:30 . 2013-01-06 08:30  --------  d-----w-  c:\programdata\Malwarebytes
    2013-01-06 01:45 . 2013-01-06 01:45  --------  d-----w-  c:\programdata\Kaspersky Lab
    2013-01-06 01:45 . 2013-01-06 01:45  --------  d-----w-  c:\program files (x86)\Kaspersky Lab
    2013-01-05 12:38 . 2013-01-06 12:08  --------  d-----w-  c:\program files (x86)\Resource Hacker
    2013-01-05 06:23 . 2013-01-05 06:23  --------  d-----w-  c:\programdata\ATI
    2013-01-05 06:23 . 2013-01-05 06:23  --------  d-----w-  c:\program files (x86)\AMD AVT
    2013-01-05 06:23 . 2013-01-05 06:23  --------  d-----w-  c:\program files (x86)\AMD APP
    2013-01-05 06:22 . 2013-01-05 06:22  --------  d-----w-  c:\program files\Common Files\ATI Technologies
    2013-01-05 06:22 . 2013-01-05 06:22  --------  d-----w-  c:\program files (x86)\Common Files\ATI Technologies
    2013-01-05 06:18 . 2013-01-05 06:18  --------  d-----w-  c:\program files (x86)\ATI Technologies
    2013-01-05 06:18 . 2013-01-05 06:18  --------  d-----w-  c:\program files\ATI
    2013-01-05 06:17 . 2013-01-05 06:22  --------  d-----w-  c:\program files\ATI Technologies
    2013-01-04 20:30 . 2013-01-05 05:59  --------  d-----w-  c:\program files (x86)\Skifta
    2013-01-04 20:30 . 2013-01-04 20:30  --------  d--h--w-  c:\program files (x86)\Zero G Registry
    2013-01-04 20:27 . 2013-01-04 20:27  --------  d--h--w-  c:\users\Justin Sidwell\InstallAnywhere
    2013-01-04 20:27 . 2013-01-04 20:27  --------  d-----w-  C:\tmp
    2013-01-02 23:33 . 2013-01-02 23:33  53248  ----a-r-  c:\users\Justin Sidwell\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2013-01-02 23:32 . 2013-01-02 23:32  --------  d-----w-  c:\program files\Logitech
    2013-01-02 23:31 . 2013-01-02 23:33  --------  d-----w-  c:\program files\Common Files\LogiShrd
    2013-01-01 15:45 . 2013-01-01 15:45  16363960  ----a-w-  c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-01-01 10:08 . 2013-01-01 10:08  --------  d-----w-  c:\users\Justin Sidwell\AppData\Local\Logishrd
    2012-12-30 01:11 . 2012-12-30 01:11  --------  d-----w-  c:\program files (x86)\Google
    2012-12-27 18:53 . 2012-12-27 18:55  --------  d-----w-  c:\program files (x86)\Radeon RAMDisk
    2012-12-27 07:59 . 2012-12-27 10:54  --------  d-----w-  c:\program files\LockHunter
    2012-12-27 01:32 . 2012-12-27 01:32  --------  d-----w-  c:\users\Justin Sidwell\AppData\Roaming\Leadertech
    2012-12-27 01:32 . 2012-12-27 01:32  --------  d-----w-  c:\program files (x86)\Common Files\LogiShrd
    2012-12-27 01:31 . 2013-01-03 00:27  18960  ----a-w-  c:\windows\system32\drivers\LNonPnP.sys
    2012-12-27 01:30 . 2013-01-02 18:54  --------  d-----w-  c:\programdata\Logitech
    2012-12-27 01:29 . 2013-01-02 23:33  --------  d-----w-  c:\programdata\Logishrd
    2012-12-27 01:25 . 2012-12-27 01:35  --------  d-----w-  c:\users\Justin Sidwell\AppData\Roaming\Logishrd
    2012-12-27 01:25 . 2012-12-27 01:32  --------  d-----w-  c:\users\Justin Sidwell\AppData\Roaming\Logitech
    2012-12-26 08:24 . 2009-07-06 16:48  13368  ----a-w-  c:\windows\SysWow64\drivers\AsUpIO.sys
    2012-12-26 04:51 . 2012-12-26 04:51  972264  ------w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF887FDD-C14B-4F5D-9DCF-6ABC14527719}\gapaengine.dll
    2012-12-25 09:28 . 2012-11-19 07:01  9125352  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8E69ADD-41CB-4D51-B163-46B0F9208C22}\mpengine.dll
    2012-12-25 00:00 . 2013-01-08 09:18  --------  d-----w-  c:\windows\system32\catroot2
    2012-12-24 15:15 . 2013-01-08 08:22  --------  d-----w-  c:\users\Justin Sidwell\AppData\Local\ElevatedDiagnostics
    2012-12-24 07:27 . 2012-09-20 04:35  203104  ----a-w-  c:\windows\system32\drivers\ssudmdm.sys
    2012-12-24 07:27 . 2012-09-20 04:35  102368  ----a-w-  c:\windows\system32\drivers\ssudbus.sys
    2012-12-24 07:24 . 2012-12-24 07:24  --------  d-----w-  c:\program files (x86)\MarkAny
    2012-12-23 15:40 . 2012-12-23 16:06  --------  d-----w-  c:\programdata\ASUS OC Profiles
    2012-12-23 15:34 . 2012-12-23 15:32  24576  ----a-w-  c:\windows\SysWow64\AsIO.dll
    2012-12-23 15:34 . 2012-12-23 15:32  13440  ----a-w-  c:\windows\SysWow64\drivers\AsIO.sys
    2012-12-23 15:33 . 2001-09-05 10:18  225280  ----a-w-  c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-12-23 11:15 . 2012-12-24 04:05  --------  d-----w-  c:\program files (x86)\AMD
    2012-12-23 11:15 . 2012-12-23 11:15  16896  ----a-w-  c:\windows\AsTaskSched.dll
    2012-12-23 10:44 . 2013-01-06 12:08  --------  d-----w-  c:\users\Justin Sidwell\AppData\Local\Akamai
    2012-12-21 20:35 . 2012-12-16 17:11  46080  ----a-w-  c:\windows\system32\atmlib.dll
    2012-12-21 20:35 . 2012-12-16 14:13  34304  ----a-w-  c:\windows\SysWow64\atmlib.dll
    2012-12-21 20:35 . 2012-12-16 14:45  367616  ----a-w-  c:\windows\system32\atmfd.dll
    2012-12-21 20:35 . 2012-12-16 14:13  295424  ----a-w-  c:\windows\SysWow64\atmfd.dll
    2012-12-21 04:13 . 2013-01-07 04:42  --------  d-----w-  c:\program files (x86)\ASUS
    2012-12-20 10:39 . 2012-12-20 10:39  --------  d-----w-  c:\programdata\Razer
    2012-12-20 10:39 . 2012-12-20 10:39  --------  d-----w-  c:\program files (x86)\Razer
    2012-12-18 05:28 . 2012-05-09 00:34  32600  ----a-w-  c:\windows\system32\SmartDefragBootTime.exe
    2012-12-18 05:28 . 2010-11-27 00:02  17720  ----a-w-  c:\windows\system32\drivers\SmartDefragDriver.sys
    2012-12-17 17:09 . 2012-10-30 23:50  285328  ----a-w-  c:\windows\system32\aswBoot.exe
    2012-12-17 17:07 . 2012-12-26 03:40  --------  d-----w-  c:\programdata\AVAST Software
    2012-12-17 17:07 . 2012-12-17 17:07  --------  d-----w-  c:\program files\AVAST Software
    2012-12-16 06:33 . 2013-01-08 08:12  --------  dc----w-  c:\users\Justin Sidwell\AppData\Local\MigWiz
    2012-12-12 05:02 . 2012-11-09 05:45  2048  ----a-w-  c:\windows\system32\tzres.dll
    2012-12-12 05:01 . 2012-10-04 16:40  4096  ---ha-w-  c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-12-10 16:47 . 2013-01-08 09:18  --------  d-----w-  c:\program files (x86)\Common Files\Java
    2012-12-10 16:42 . 2012-12-10 16:42  95208  ----a-w-  c:\windows\SysWow64\WindowsAccessBridge-32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-07 05:04 . 2012-09-17 21:05  123704  ----a-w-  c:\windows\system32\drivers\jraid.sys
    2013-01-01 15:45 . 2012-04-05 03:18  697272  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-01 15:45 . 2011-05-18 16:46  73656  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-16 23:31 . 2010-07-23 20:24  67599240  ----a-w-  c:\windows\system32\MRT.exe
    2012-12-10 16:42 . 2012-11-18 00:10  821736  ----a-w-  c:\windows\SysWow64\npdeployJava1.dll
    2012-12-10 16:42 . 2010-09-07 02:31  746984  ----a-w-  c:\windows\SysWow64\deployJava1.dll
    2012-12-02 09:26 . 2012-12-02 09:26  222720  ----a-w-  c:\windows\system32\clinfo.exe
    2012-12-02 09:26 . 2012-12-02 09:26  76288  ----a-w-  c:\windows\system32\OpenVideo64.dll
    2012-12-02 09:26 . 2012-12-02 09:26  65536  ----a-w-  c:\windows\SysWow64\OpenVideo.dll
    2012-12-02 09:26 . 2012-12-02 09:26  64512  ----a-w-  c:\windows\system32\OVDecode64.dll
    2012-12-02 09:26 . 2012-12-02 09:26  56320  ----a-w-  c:\windows\SysWow64\OVDecode.dll
    2012-12-02 09:26 . 2012-12-02 09:26  34523136  ----a-w-  c:\windows\system32\amdocl64.dll
    2012-12-02 09:21 . 2012-12-02 09:21  28738048  ----a-w-  c:\windows\SysWow64\amdocl.dll
    2012-12-02 09:17 . 2012-12-02 09:17  54784  ----a-w-  c:\windows\system32\OpenCL.dll
    2012-12-02 09:16 . 2012-12-02 09:16  50176  ----a-w-  c:\windows\SysWow64\OpenCL.dll
    2012-12-02 08:31 . 2012-12-02 08:31  5626536  ----a-w-  c:\windows\SysWow64\atiumdag.dll
    2012-12-02 08:29 . 2012-12-02 08:29  11270656  ----a-w-  c:\windows\system32\drivers\atikmdag.sys
    2012-12-02 08:17 . 2012-12-02 08:17  23455744  ----a-w-  c:\windows\system32\atio6axx.dll
    2012-12-02 08:00 . 2012-12-02 08:00  163840  ----a-w-  c:\windows\system32\atiapfxx.exe
    2012-12-02 07:59 . 2012-12-02 07:59  70144  ----a-w-  c:\windows\system32\coinst_9.01.8.dll
    2012-12-02 07:58 . 2012-12-02 07:58  51200  ----a-w-  c:\windows\system32\aticalrt64.dll
    2012-12-02 07:58 . 2012-12-02 07:58  46080  ----a-w-  c:\windows\SysWow64\aticalrt.dll
    2012-12-02 07:58 . 2012-12-02 07:58  44544  ----a-w-  c:\windows\system32\aticalcl64.dll
    2012-12-02 07:58 . 2012-12-02 07:58  44032  ----a-w-  c:\windows\SysWow64\aticalcl.dll
    2012-12-02 07:58 . 2012-12-02 07:58  16082944  ----a-w-  c:\windows\system32\aticaldd64.dll
    2012-12-02 07:57 . 2012-12-02 07:57  18979328  ----a-w-  c:\windows\SysWow64\atioglxx.dll
    2012-12-02 07:54 . 2012-12-02 07:54  13703168  ----a-w-  c:\windows\SysWow64\aticaldd.dll
    2012-12-02 07:50 . 2012-12-02 07:50  949248  ----a-w-  c:\windows\SysWow64\aticfx32.dll
    2012-12-02 07:48 . 2012-12-02 07:48  1137664  ----a-w-  c:\windows\system32\aticfx64.dll
    2012-12-02 07:46 . 2012-12-02 07:46  6684672  ----a-w-  c:\windows\SysWow64\atidxx32.dll
    2012-12-02 07:41 . 2012-12-02 07:41  4674048  ----a-w-  c:\windows\system32\atiumd6a.dll
    2012-12-02 07:37 . 2012-12-02 07:37  442368  ----a-w-  c:\windows\system32\atidemgy.dll
    2012-12-02 07:37 . 2012-12-02 07:37  548864  ----a-w-  c:\windows\system32\atieclxx.exe
    2012-12-02 07:36 . 2012-12-02 07:36  240640  ----a-w-  c:\windows\system32\atiesrxx.exe
    2012-12-02 07:35 . 2012-12-02 07:35  120320  ----a-w-  c:\windows\system32\atitmm64.dll
    2012-12-02 07:35 . 2012-12-02 07:35  21504  ----a-w-  c:\windows\system32\atimuixx.dll
    2012-12-02 07:35 . 2012-12-02 07:35  59392  ----a-w-  c:\windows\system32\atiedu64.dll
    2012-12-02 07:35 . 2012-12-02 07:35  43520  ----a-w-  c:\windows\SysWow64\ati2edxx.dll
    2012-12-02 07:29 . 2012-12-02 07:29  3862528  ----a-w-  c:\windows\SysWow64\atiumdva.dll
    2012-12-02 07:29 . 2012-12-02 07:29  7378944  ----a-w-  c:\windows\system32\atidxx64.dll
    2012-12-02 07:24 . 2012-12-02 07:24  6781440  ----a-w-  c:\windows\system32\atiumd64.dll
    2012-12-02 07:17 . 2012-12-02 07:17  56320  ----a-w-  c:\windows\system32\atimpc64.dll
    2012-12-02 07:17 . 2012-12-02 07:17  56320  ----a-w-  c:\windows\system32\amdpcom64.dll
    2012-12-02 07:17 . 2012-12-02 07:17  56832  ----a-w-  c:\windows\SysWow64\atimpc32.dll
    2012-12-02 07:17 . 2012-12-02 07:17  56832  ----a-w-  c:\windows\SysWow64\amdpcom32.dll
    2012-12-02 07:14 . 2012-12-02 07:14  53248  ----a-w-  c:\windows\system32\drivers\ati2erec.dll
    2012-12-02 07:14 . 2012-12-02 07:14  619008  ----a-w-  c:\windows\system32\atiadlxx.dll
    2012-12-02 07:14 . 2012-12-02 07:14  421888  ----a-w-  c:\windows\SysWow64\atiadlxy.dll
    2012-12-02 07:13 . 2012-12-02 07:13  17920  ----a-w-  c:\windows\system32\atig6pxx.dll
    2012-12-02 07:13 . 2012-12-02 07:13  14848  ----a-w-  c:\windows\SysWow64\atiglpxx.dll
    2012-12-02 07:13 . 2012-12-02 07:13  14848  ----a-w-  c:\windows\system32\atiglpxx.dll
    2012-12-02 07:13 . 2012-12-02 07:13  41984  ----a-w-  c:\windows\system32\atig6txx.dll
    2012-12-02 07:13 . 2012-12-02 07:13  33280  ----a-w-  c:\windows\SysWow64\atigktxx.dll
    2012-12-02 07:13 . 2012-12-02 07:13  546816  ----a-w-  c:\windows\system32\drivers\atikmpag.sys
    2012-12-02 07:11 . 2010-05-27 16:25  130048  ----a-w-  c:\windows\system32\atiuxp64.dll
    2012-12-02 07:11 . 2012-12-02 07:11  109568  ----a-w-  c:\windows\SysWow64\atiuxpag.dll
    2012-12-02 07:11 . 2012-09-28 01:11  104448  ----a-w-  c:\windows\system32\atiu9p64.dll
    2012-12-02 07:11 . 2012-12-02 07:11  83968  ----a-w-  c:\windows\SysWow64\atiu9pag.dll
    2012-11-29 17:50 . 2012-11-29 17:50  73552  ----a-w-  c:\windows\system32\drivers\RAMDiskVE.sys
    2012-10-29 18:10 . 2012-11-17 21:22  4659712  ----a-w-  c:\windows\SysWow64\Redemption.dll
    2012-10-29 18:09 . 2012-10-29 18:09  90112  ----a-w-  c:\windows\MAMCityDownload.ocx
    2012-10-29 18:09 . 2012-10-29 18:09  330240  ----a-w-  c:\windows\MASetupCaller.dll
    2012-10-29 18:09 . 2012-10-29 18:09  30568  ----a-w-  c:\windows\MusiccityDownload.exe
    2012-10-29 18:09 . 2012-11-18 01:06  821824  ----a-w-  c:\windows\SysWow64\dgderapi.dll
    2012-10-16 08:38 . 2012-12-01 23:16  135168  ----a-w-  c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-12-01 23:16  350208  ----a-w-  c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-12-01 23:16  561664  ----a-w-  c:\windows\apppatch\AcLayers.dll
    2012-10-15 16:54 . 2012-11-26 05:27  25472  ----a-w-  c:\windows\system32\RegistryDefragBootTime.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32  129272  ----a-w-  c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32  129272  ----a-w-  c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32  129272  ----a-w-  c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-02 642216]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
    .
    c:\users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute  REG_MULTI_SZ  autocheck autochk *\0SmartDefragBootTime.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2012-12-23 109056]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    R3 AODDriver;AODDriver;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver.sys [x]
    R3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
    R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
    R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-10-01 35840]
    R3 cpuz135;cpuz135; [x]
    R3 cpuz136;cpuz136;c:\users\JUSTIN~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
    R3 G311N6;NETGEAR GA311 Gigabit Driver;c:\windows\system32\DRIVERS\G311N6.sys [2010-05-05 347680]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1255736]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 17720]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-02 240640]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-02 361984]
    S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-02-05 27136]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
    S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
    S3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [2012-11-29 73552]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-03 1301504]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:45]
    .
    2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30 01:11]
    .
    2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30 01:11]
    .
    2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1928685942-4290284316-1684522420-1000Core.job
    - c:\users\Justin Sidwell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-31 14:34]
    .
    2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1928685942-4290284316-1684522420-1000UA.job
    - c:\users\Justin Sidwell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-31 14:34]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Justin Sidwell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-Six Engine - c:\program files (x86)\ASUS\EPU\EPU.exe
    Wow6432Node-HKLM-Run-QFan Help - c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
    Wow6432Node-HKLM-Run-JMB36X IDE Setup - c:\windows\RaidTool\xInsIDE.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:1f,06,d0,c4,d5,aa,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-08 17:28:29
    ComboFix-quarantined-files.txt 2013-01-08 23:28
    .
    Pre-Run: 367,655,559,168 bytes free
    Post-Run: 368,093,306,880 bytes free
    .
    - - End Of File - - B981DD17DCBB72DF19375D29A5BAA3B1
  4. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    Wow, that really opened her up. There is hope!
  5. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    Windows Update is prompting me to do something in the Action Center sys tray. I'm going to ignore it but thought I'd mention it.
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yeah, yesterday was "Patch Tuesday", the time of month when Microsoft releases their security updates. Let's do the following next please:

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

    Sometimes these logs can be very large, in that case please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File... save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
  7. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    It says Verify file digital signatures, not Verify driver digital signatures. I'll select it anyway as there are not many choices.
  8. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    Also the top part has 4 items; System Memory and Loaded modules are there in addition to what you pictured. I will wait to see what all should be done. Let me know. Can't figure out a way to include a screenshot other than via URL.
  9. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    Never mind, I'm going to run it with all 6 boxes checked.
  10. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    Four objects were listed; I clicked Continue as you said:
    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.
    None of the files you listed above were mentioned, although all were unsigned as I recall.

    After Continue I now have the start screen again with the message "Suspicious objects were found". Nowhere is a Scan results button. What now?

    I clicked continue already, so where do I do this?

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  11. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    13:01:39.0623 4188 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    13:01:40.0012 4188 ============================================================
    13:01:40.0012 4188 Current date / time: 2013/01/09 13:01:40.0012
    13:01:40.0012 4188 SystemInfo:
    13:01:40.0012 4188
    13:01:40.0012 4188 OS Version: 6.1.7601 ServicePack: 1.0
    13:01:40.0012 4188 Product type: Workstation
    13:01:40.0012 4188 ComputerName: TOWEROFPOWER10
    13:01:40.0013 4188 UserName: Justin Sidwell
    13:01:40.0013 4188 Windows directory: C:\Windows
    13:01:40.0013 4188 System windows directory: C:\Windows
    13:01:40.0013 4188 Running under WOW64
    13:01:40.0013 4188 Processor architecture: Intel x64
    13:01:40.0013 4188 Number of processors: 6
    13:01:40.0013 4188 Page size: 0x1000
    13:01:40.0013 4188 Boot type: Normal boot

    OK, found Report button, got this log which is attached. Please be aware that I wasn't able to follow your steps exactly and may not have done things correctly and the program didn't match exactly what you described.

  12. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    UAC pop up occurred first, I said OK
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    Something about stealth mode was also checked. I left it that way. Seemed to indicate an added memory check. Hope that's cool.
    • Click Scan (This scan can take several hours, so please be patient)
    It's running now.
  13. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    ESET Online Scan results:

    C:\Users\Justin Sidwell\Downloads\Tweaks\Windows 7\cbsidlm-tr1_7-Windows_7_Logon_Background_Changer-SEO2-10971736.exe  Win32/DownloadAdmin.D application  cleaned by deleting - quarantined


    This program I downloaded a few months ago to modify the background image on windows start up and shut down screens. The top link was the source, although I believe I first learned about it at CNet.com.

    1. Windows 7 Logon Background Changer - Customize your Windows ...

      www.julien-manici.com/windows_7_logon_background_chan...
      Windows 7 Logon Background Changer is a free open source software that let you change the wallpaper of the Windows 7 logon screen (also known as ...
      Download - 1012 comments - Source Code - License terms


    2. Windows 7 Logon Background Changer - CNET Download.com

      download.cnet.com › ... › Desktop Customization
      21 reviews - Windows
      Oct 12, 2009 – Windows 7 Logon Background Changer is a free open source software that lets you change the wallpaper of the Windows 7 login screen (also ...

    To recap, there were a few discrepancies between the instructions and what I encountered while doing the process. This part (below) was never part of my process since I was only offered a Continue button once, pressed it, and that took me back to the start screen for the TDSSKiller app.

    Here's a summary of what to do if you would like to print it out:
    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.
    If malicious objects are found, they will show in the Scan results and offer three (3) options.
    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    The TDSSKiller program is a very complex program, and it says different things depending on the situation. We're hoping that our preset directions are easy enough that at least partially computer-competent people can comprehend them.

    As for the detection, "Heuristics.Reserved.Word.Exploit" is a common false positive detection in Malwarebytes' Anti-Malware used simply to note when a file is out of its correct place. For example, when svchost.exe is the name for a file on the Desktop, it would be detected because its real location is in c:\windows\system32.

    Otherwise, there are no other checks that are needed.
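    The placement check Jay describes above, as an added illustration that is not Malwarebytes' code: a toy Python version that flags a file carrying a reserved system-binary name (svchost.exe and a few others) when it sits outside the directories where that binary legitimately lives. The name table, the system root default and the sample paths are constructed assumptions, and a hit means "out of place", not "proven malicious", which is why such detections can be false positives.

```python
"""Toy reimplementation of a "reserved word" placement heuristic.

Constructed illustration, not Malwarebytes' code: a file is flagged when its
name is a well-known Windows system binary but its directory is not one of
the places that binary legitimately lives.  A hit means "out of place", not
"proven malicious", which is why such detections are often false positives
(a legitimate tool copied to the Desktop under a system name, for example).
"""
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List, Tuple

# Reserved names and the directories, relative to the system root, where a
# file of that name is expected.  Assumed, illustrative table, kept short.
# "" means directly in the system root itself (e.g. C:\Windows\explorer.exe).
RESERVED_LOCATIONS: Dict[str, Tuple[str, ...]] = {
    "svchost.exe":  ("system32", "syswow64", "winsxs"),
    "lsass.exe":    ("system32", "winsxs"),
    "csrss.exe":    ("system32", "winsxs"),
    "winlogon.exe": ("system32", "winsxs"),
    "rundll32.exe": ("system32", "syswow64", "winsxs"),
    "explorer.exe": ("", "winsxs"),
}

# Constructed sample paths, as a scanner might enumerate them.
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\SysWOW64\svchost.exe",
    r"C:\Windows\winsxs\amd64_example_6.1.7601.17514\svchost.exe",
    r"C:\Users\alice\Desktop\svchost.exe",
    "C:/Users/alice/AppData/Local/Temp/LSASS.EXE",
    r"C:\Windows\explorer.exe",
    r"C:\Users\alice\Downloads\explorer.exe",
    r"C:\Users\alice\Downloads\setup.exe",
]


def _dir_matches(dir_parts: Tuple[str, ...], root: Tuple[str, ...], sub: str) -> bool:
    """True when the lower-cased directory components equal root + sub.
    WinSxS keeps files in versioned subfolders, so for it any directory
    beneath the winsxs folder counts."""
    expected = root + ((sub,) if sub else ())
    if sub == "winsxs":
        return dir_parts[:len(expected)] == expected
    return dir_parts == expected


def classify(path: str, system_root: str = r"C:\Windows") -> str:
    """Classify one path as "not-reserved", "expected" or "misplaced".

    Comparison is case-insensitive and accepts either slash style, since
    Windows paths are case-insensitive and tools emit both forms."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name not in RESERVED_LOCATIONS:
        return "not-reserved"
    dir_parts = tuple(part.lower() for part in p.parent.parts)
    root_parts = tuple(part.lower() for part in PureWindowsPath(system_root).parts)
    for sub in RESERVED_LOCATIONS[name]:
        if _dir_matches(dir_parts, root_parts, sub):
            return "expected"
    return "misplaced"


def find_misplaced(paths: Iterable[str], system_root: str = r"C:\Windows") -> List[str]:
    """Return the paths that carry a reserved name outside its home directory."""
    return [p for p in paths if classify(p, system_root) == "misplaced"]


if __name__ == "__main__":
    # Print the verdict for each constructed sample; only the Desktop,
    # Temp and Downloads copies of reserved names come out as "misplaced".
    for sample in SAMPLE_PATHS:
        print(f"{classify(sample):<13} {sample}")
```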
  15. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    Do you mean we're done?

    I'm being extra cautious. I just wanted you to be aware that I was presented with the screen where you can "cure" the detected files (4 were detected). But I hit "Continue" here, based on how I read the instructions, and was then back at the beginning menu again. Wouldn't it make sense to run it again? What if one of them was curable? My computer was really messed up until last night when ComboFix finished running, so I know I was infected. What is the next step? I'll wait to hear back.
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Tell you what, we'll do this last round here for remnants:

    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.


    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  17. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    PC is running at least 5 times faster than when we started. You rock.
    I have to confess that I installed the recent batch of Windows updates last night. Hope that wasn't totally stupid.

    I'm curious what you've found in all these logs. Looks like there's some cleaning going on, but I'm only guessing.

    Thanks,
    Justin



    # AdwCleaner v2.105 - Logfile created 01/10/2013 at 12:57:30
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Justin Sidwell - TOWEROFPOWER10
    # Boot Mode : Normal
    # Running from : C:\Users\Justin Sidwell\Desktop\Project Mr. Clean\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\Justin Sidwell\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1118 octets] - [10/01/2013 12:57:30]

    ########## EOF - C:\AdwCleaner[S1].txt - [1178 octets] ##########




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.2 (01.08.2013:1)
    OS: Windows 7 Professional x64
    Ran by Justin Sidwell on Thu 01/10/2013 at 13:07:41.32
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}



    ~~~ Files

    Successfully deleted: [File] C:\install.res.1028.dll
    Successfully deleted: [File] C:\install.res.1031.dll
    Successfully deleted: [File] C:\install.res.1033.dll
    Successfully deleted: [File] C:\install.res.1036.dll
    Successfully deleted: [File] C:\install.res.1040.dll
    Successfully deleted: [File] C:\install.res.1041.dll
    Successfully deleted: [File] C:\install.res.1042.dll
    Successfully deleted: [File] C:\install.res.2052.dll
    Successfully deleted: [File] C:\install.res.3082.dll



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 01/10/2013 at 13:12:31.78
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    OTL logfile created on: 1/10/2013 1:16:35 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin Sidwell\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 5.57 Gb Available Physical Memory | 69.67% Memory free
    13.99 Gb Paging File | 11.44 Gb Available in Paging File | 81.76% Paging File free
    Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 353.05 Gb Free Space | 37.91% Space Free | Partition Type: NTFS
    Drive E: | 848.31 Mb Total Space | 702.96 Mb Free Space | 82.87% Space Free | Partition Type: FAT32

    Computer Name: TOWEROFPOWER10 | User Name: Justin Sidwell | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/10 13:15:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin Sidwell\Desktop\OTL.exe
    PRC - [2012/12/29 19:16:27 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    PRC - [2012/12/23 09:32:30 | 000,109,056 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
    PRC - [2012/12/21 21:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Justin Sidwell\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2010/01/22 11:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2009/03/30 00:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
    PRC - [2007/02/12 21:33:06 | 000,289,504 | ---- | M] () -- C:\Program Files (x86)\Netgear\WIN7_GA311\GA311.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/03/30 00:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
    MOD - [2007/02/26 15:32:42 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Netgear\WIN7_GA311\VistaRTL8169LibImp.dll
    MOD - [2007/02/12 21:33:06 | 000,289,504 | ---- | M] () -- C:\Program Files (x86)\Netgear\WIN7_GA311\GA311.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/12/02 03:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2012/12/02 01:36:50 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/09/27 13:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/01/09 09:45:19 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/23 09:32:30 | 000,109,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/12/07 19:21:29 | 000,541,168 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/06 23:04:18 | 000,123,704 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/12/02 02:29:48 | 011,270,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/12/02 01:13:20 | 000,546,816 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/11/29 11:50:06 | 000,073,552 | ---- | M] (Dataram, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
    DRV:64bit: - [2012/09/19 22:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2012/09/19 22:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/05/14 00:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
    DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/02 00:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/02 00:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/24 15:36:24 | 000,431,176 | ---- | M] (BitDefender) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
    DRV:64bit: - [2010/05/05 07:01:32 | 000,347,680 | ---- | M] (Netgear) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\G311N6.sys -- (G311N6)
    DRV:64bit: - [2010/03/02 19:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2010/01/22 11:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/01/22 11:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2009/09/30 19:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
    DRV:64bit: - [2009/09/29 19:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/04 19:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2008/01/17 15:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
    DRV:64bit: - [2007/02/05 08:44:58 | 000,027,136 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
    DRV:64bit: - [2006/12/12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Justin Sidwell\Downloads\misc
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 19 E7 90 BD F4 CB 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{7725A3FE-01BA-4C3A-A5DA-A5673F5921AA}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Justin Sidwell\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Justin Sidwell\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/19 05:56:43 | 000,000,000 | ---D | M]

    [2012/11/19 05:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/11/19 05:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Justin Sidwell\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

    O1 HOSTS File: ([2013/01/08 17:26:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
    O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - Startup: C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Justin Sidwell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (Reg Error: Value error.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07C7AB6D-61BF-417C-8263-713ADE83B628}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E98BE2-3828-45B7-A2B7-D61FD2EF7F5B}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    [CONTINUED NEXT POST]
  18. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    [CONTINUED] OTL LOG

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/10 13:15:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Justin Sidwell\Desktop\OTL.exe
    [2013/01/10 13:07:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/10 13:07:21 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/10 02:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2013/01/09 18:43:06 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\78583551.sys
    [2013/01/09 13:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2013/01/08 17:56:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/08 17:28:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/01/08 17:18:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/08 17:18:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/08 17:18:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/08 17:18:13 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/08 17:17:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/08 10:52:53 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\Desktop\Project Mr. Clean
    [2013/01/07 19:24:49 | 000,000,000 | ---D | C] -- C:\MATS
    [2013/01/07 12:15:03 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\Desktop\MalwareBytes purchase info
    [2013/01/07 11:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/07 11:37:26 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/01/07 11:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/01/06 21:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/01/06 21:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2013/01/06 02:31:17 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Malwarebytes
    [2013/01/06 02:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/01/05 19:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2013/01/05 19:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
    [2013/01/05 06:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
    [2013/01/05 06:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker
    [2013/01/05 00:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2013/01/05 00:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
    [2013/01/05 00:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2013/01/05 00:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
    [2013/01/05 00:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
    [2013/01/05 00:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    [2013/01/05 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
    [2013/01/05 00:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2013/01/05 00:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2013/01/04 23:46:27 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\Desktop\Default_Shutdown
    [2013/01/04 14:30:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
    [2013/01/04 14:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skifta
    [2013/01/04 14:27:58 | 000,000,000 | -H-D | C] -- C:\Users\Justin Sidwell\InstallAnywhere
    [2013/01/04 14:27:57 | 000,000,000 | ---D | C] -- C:\tmp
    [2013/01/04 00:08:51 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    [2013/01/02 17:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
    [2013/01/01 05:33:15 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\Desktop\2_Second_Shutdown
    [2013/01/01 04:08:34 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Local\Logishrd
    [2012/12/29 19:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/12/29 19:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/12/28 01:12:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/12/27 12:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radeon RAMDisk
    [2012/12/27 12:53:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Radeon RAMDisk
    [2012/12/27 11:57:30 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
    [2012/12/27 01:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
    [2012/12/26 19:32:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
    [2012/12/26 19:32:02 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Leadertech
    [2012/12/26 19:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
    [2012/12/26 19:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
    [2012/12/26 19:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
    [2012/12/26 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Logitech
    [2012/12/26 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Logishrd
    [2012/12/25 22:40:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
    [2012/12/25 22:40:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
    [2012/12/25 18:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/12/24 18:00:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
    [2012/12/24 09:15:51 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Local\ElevatedDiagnostics
    [2012/12/24 01:27:09 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
    [2012/12/24 01:27:08 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
    [2012/12/24 01:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
    [2012/12/23 11:59:29 | 001,808,256 | ---- | C] (IObit) -- C:\Users\Justin Sidwell\Desktop\IObit Uninstaller.exe
    [2012/12/23 09:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
    [2012/12/23 05:15:44 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD
    [2012/12/23 05:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
    [2012/12/23 05:15:04 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
    [2012/12/23 04:44:40 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Local\Akamai
    [2012/12/23 02:07:29 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\Documents\SmartPack
    [2012/12/23 02:06:21 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartPack
    [2012/12/20 22:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
    [2012/12/20 04:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
    [2012/12/20 04:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
    [2012/12/17 23:28:56 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
    [2012/12/17 23:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
    [2012/12/17 11:09:02 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/12/17 11:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/12/17 11:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/12/17 07:41:19 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
    [2012/12/16 00:33:15 | 000,000,000 | ---D | C] -- C:\Users\Justin Sidwell\AppData\Local\MigWiz
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/10 13:15:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin Sidwell\Desktop\OTL.exe
    [2013/01/10 13:08:59 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/10 13:08:59 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/10 13:02:07 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1928685942-4290284316-1684522420-1000UA.job
    [2013/01/10 13:01:22 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/10 13:00:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/10 13:00:15 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/10 12:59:05 | 891,289,600 | ---- | M] () -- C:\RAMDisk.img
    [2013/01/10 02:21:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/10 02:17:04 | 000,001,358 | ---- | M] () -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2013/01/10 02:10:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/09 20:57:58 | 000,296,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/09 20:43:13 | 000,737,204 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/09 20:43:13 | 000,622,314 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/09 20:43:13 | 000,105,552 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/09 19:38:32 | 000,048,436 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\slow shutdown ERRORS.png
    [2013/01/09 18:43:06 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\78583551.sys
    [2013/01/09 12:02:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1928685942-4290284316-1684522420-1000Core.job
    [2013/01/08 17:26:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/01/08 06:49:21 | 008,196,304 | ---- | M] () -- C:\Users\Justin Sidwell\AppData\Local\census.cache
    [2013/01/08 06:48:44 | 000,095,544 | ---- | M] () -- C:\Users\Justin Sidwell\AppData\Local\ars.cache
    [2013/01/08 06:46:15 | 000,007,630 | ---- | M] () -- C:\Users\Justin Sidwell\AppData\Local\resmon.resmoncfg
    [2013/01/08 06:39:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\OLEPRO32.DLL
    [2013/01/08 06:39:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiumdva.dll
    [2013/01/08 06:39:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiumdag.dll
    [2013/01/08 06:39:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiu9pag.dll
    [2013/01/08 06:39:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\aticfx32.dll
    [2013/01/08 05:58:51 | 000,007,626 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\resource.ResmonCfg
    [2013/01/07 20:18:35 | 000,000,123 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Microsoft Fix it.url
    [2013/01/07 11:37:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/06 22:26:24 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
    [2013/01/06 10:23:30 | 000,001,590 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\log.rtf
    [2013/01/06 05:25:23 | 000,000,065 | ---- | M] () -- C:\Users\Justin Sidwell\AppData\Roaming\mbam.context.scan
    [2013/01/05 02:49:27 | 000,000,146 | ---- | M] () -- C:\Users\Justin Sidwell\Documents\Audio Source.lnk
    [2013/01/02 08:40:38 | 000,001,616 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\ReBoot Time.vbs - Shift ctrl R.lnk
    [2013/01/02 08:38:42 | 000,001,573 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\hdmiOn.vbs - shift ctrl H.lnk
    [2013/01/01 23:20:33 | 000,002,293 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Google Chrome.lnk
    [2013/01/01 13:54:22 | 000,001,164 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\TOWEROFPOWER10 - Shortcut.lnk
    [2013/01/01 11:10:09 | 000,000,104 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Control Panel - Shortcut.lnk
    [2013/01/01 11:08:33 | 000,000,146 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\VIA HD Audio Deck - Shortcut (2).lnk
    [2013/01/01 05:36:56 | 000,001,242 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Paint.lnk
    [2013/01/01 05:36:51 | 000,001,304 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Notepad.lnk
    [2013/01/01 05:32:53 | 000,001,064 | ---- | M] () -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/01/01 05:24:37 | 000,013,570 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\msconfig.exe - Shortcut.lnk
    [2013/01/01 01:50:00 | 000,026,207 | ---- | M] () -- C:\Windows\SysNative\energy-report.html
    [2013/01/01 01:50:00 | 000,026,207 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\energy-report.html
    [2012/12/30 18:37:10 | 000,001,954 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Radeon RAMDisk Configuration Utility.lnk
    [2012/12/30 09:08:29 | 000,000,351 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Network - Shortcut.lnk
    [2012/12/29 23:11:35 | 000,110,923 | ---- | M] () -- C:\Users\Justin Sidwell\Documents\homegroup config.png
    [2012/12/26 01:46:41 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012/12/26 01:46:41 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012/12/25 23:10:52 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/12/25 22:15:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/12/25 20:37:39 | 000,001,155 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Windows Update Troubleshooting Info.lnk
    [2012/12/25 19:38:22 | 000,013,225 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Akamai NetSession Interface Control Panel (32-bit) - Shortcut.lnk
    [2012/12/24 01:27:52 | 000,002,006 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Samsung Kies (Lite).lnk
    [2012/12/23 11:59:32 | 001,808,256 | ---- | M] (IObit) -- C:\Users\Justin Sidwell\Desktop\IObit Uninstaller.exe
    [2012/12/23 09:32:31 | 000,024,576 | ---- | M] () -- C:\Windows\SysWow64\AsIO.dll
    [2012/12/23 09:32:31 | 000,013,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2012/12/23 05:17:06 | 000,730,423 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\TurboV EVO_AMD_EN.pdf
    [2012/12/23 05:15:04 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll
    [2012/12/23 05:07:07 | 000,028,788 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
    [2012/12/23 05:04:18 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
    [2012/12/23 02:28:48 | 000,001,905 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\PLDS SmartPack Utility.lnk
    [2012/12/21 14:21:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/12/19 21:27:03 | 000,002,396 | ---- | M] () -- C:\Users\Justin Sidwell\Documents\goo.rtf
    [2012/12/19 02:05:54 | 000,000,262 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Run.lnk
    [2012/12/17 23:28:45 | 000,001,216 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
    [2012/12/17 11:04:10 | 000,000,937 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Downloads.lnk
    [2012/12/17 06:41:26 | 000,002,003 | ---- | M] () -- C:\Users\Justin Sidwell\Desktop\Turn Off Display.lnk
    [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/10 02:17:04 | 000,001,358 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2013/01/09 19:38:32 | 000,048,436 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\slow shutdown ERRORS.png
    [2013/01/08 17:18:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/01/08 17:18:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/01/08 17:18:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/01/08 17:18:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/01/08 17:18:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/08 06:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\OLEPRO32.DLL
    [2013/01/08 06:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiumdva.dll
    [2013/01/08 06:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiumdag.dll
    [2013/01/08 06:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiu9pag.dll
    [2013/01/08 06:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\aticfx32.dll
    [2013/01/08 05:58:51 | 000,007,626 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\resource.ResmonCfg
    [2013/01/07 11:37:28 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/06 10:23:29 | 000,001,590 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\log.rtf
    [2013/01/06 05:25:23 | 000,000,065 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Roaming\mbam.context.scan
    [2013/01/05 02:49:27 | 000,000,146 | ---- | C] () -- C:\Users\Justin Sidwell\Documents\Audio Source.lnk
    [2013/01/02 17:36:43 | 000,001,064 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/01/02 08:39:33 | 000,001,616 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\ReBoot Time.vbs - Shift ctrl R.lnk
    [2013/01/02 08:37:23 | 000,001,573 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\hdmiOn.vbs - shift ctrl H.lnk
    [2013/01/01 13:54:22 | 000,001,164 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\TOWEROFPOWER10 - Shortcut.lnk
    [2013/01/01 11:10:09 | 000,000,104 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Control Panel - Shortcut.lnk
    [2013/01/01 11:08:33 | 000,000,146 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\VIA HD Audio Deck - Shortcut (2).lnk
    [2013/01/01 09:09:37 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/01 05:36:56 | 000,001,242 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Paint.lnk
    [2013/01/01 05:36:51 | 000,001,304 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Notepad.lnk
    [2013/01/01 05:28:26 | 000,002,293 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Google Chrome.lnk
    [2013/01/01 05:24:37 | 000,013,570 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\msconfig.exe - Shortcut.lnk
    [2013/01/01 01:50:21 | 000,026,207 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\energy-report.html
    [2013/01/01 01:50:00 | 000,026,207 | ---- | C] () -- C:\Windows\SysNative\energy-report.html
    [2012/12/30 18:37:10 | 000,001,954 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Radeon RAMDisk Configuration Utility.lnk
    [2012/12/30 09:08:29 | 000,000,351 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Network - Shortcut.lnk
    [2012/12/29 19:11:19 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/29 19:11:17 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/28 16:32:40 | 891,289,600 | ---- | C] () -- C:\RAMDisk.img
    [2012/12/26 02:24:36 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
    [2012/12/26 01:46:39 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2012/12/26 01:46:39 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
    [2012/12/25 22:15:41 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/12/25 19:38:22 | 000,013,225 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Akamai NetSession Interface Control Panel (32-bit) - Shortcut.lnk
    [2012/12/24 09:15:42 | 000,001,155 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Windows Update Troubleshooting Info.lnk
    [2012/12/24 05:41:54 | 000,296,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/12/24 01:27:52 | 000,002,006 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Samsung Kies (Lite).lnk
    [2012/12/23 09:34:58 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2012/12/23 09:34:58 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2012/12/23 05:17:06 | 000,730,423 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\TurboV EVO_AMD_EN.pdf
    [2012/12/23 05:04:18 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
    [2012/12/23 05:04:18 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
    [2012/12/23 02:06:21 | 000,001,905 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\PLDS SmartPack Utility.lnk
    [2012/12/21 08:10:57 | 000,110,923 | ---- | C] () -- C:\Users\Justin Sidwell\Documents\homegroup config.png
    [2012/12/19 21:27:03 | 000,002,396 | ---- | C] () -- C:\Users\Justin Sidwell\Documents\goo.rtf
    [2012/12/19 03:54:17 | 000,000,123 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Microsoft Fix it.url
    [2012/12/19 02:05:54 | 000,000,262 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Run.lnk
    [2012/12/17 23:28:46 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
    [2012/12/17 23:28:45 | 000,001,216 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
    [2012/12/17 11:09:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/12/17 11:04:10 | 000,000,937 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Downloads.lnk
    [2012/12/17 06:38:40 | 000,002,003 | ---- | C] () -- C:\Users\Justin Sidwell\Desktop\Turn Off Display.lnk
    [2012/10/29 12:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2012/09/27 19:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/09/27 19:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/09/26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2012/09/26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2012/09/26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2012/09/26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/03/14 08:30:09 | 008,196,304 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Local\census.cache
    [2011/03/14 08:29:23 | 000,095,544 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Local\ars.cache
    [2011/03/14 08:26:57 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/29 10:56:50 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2011/01/29 10:56:50 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2011/01/29 10:56:10 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2011/01/29 10:56:10 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2011/01/29 10:54:42 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
    [2010/08/27 13:25:27 | 000,000,036 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Local\housecall.guid.cache
    [2010/08/23 20:05:32 | 000,001,024 | ---- | C] () -- C:\Users\Justin Sidwell\.rnd
    [2010/08/05 18:04:20 | 000,007,630 | ---- | C] () -- C:\Users\Justin Sidwell\AppData\Local\resmon.resmoncfg

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/10 13:02:14 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\Dropbox
    [2012/11/07 05:35:38 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\Hellogramming
    [2013/01/06 06:08:35 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\IObit
    [2012/12/26 19:32:02 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\Leadertech
    [2012/12/21 03:05:57 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\Razer
    [2013/01/06 06:04:18 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\Samsung
    [2012/11/08 14:36:02 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\TuneUp Software
    [2012/03/01 20:05:55 | 000,000,000 | ---D | M] -- C:\Users\Justin Sidwell\AppData\Roaming\Yxiqub

    ========== Purity Check ==========



    < End of report >
  19. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

Whoops. Here's an Extras report from OTL:

    OTL Extras logfile created on: 1/10/2013 1:16:35 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin Sidwell\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 5.57 Gb Available Physical Memory | 69.67% Memory free
    13.99 Gb Paging File | 11.44 Gb Available in Paging File | 81.76% Paging File free
    Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 353.05 Gb Free Space | 37.91% Space Free | Partition Type: NTFS
    Drive E: | 848.31 Mb Total Space | 702.96 Mb Free Space | 82.87% Space Free | Partition Type: FAT32

    Computer Name: TOWEROFPOWER10 | User Name: Justin Sidwell | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{74B9815D-23D0-45CD-B91F-BD83410A01C5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8B3C7E63-6213-4163-BCA0-FF338624395B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9E892277-599B-42EA-8DDB-8EEC6BFBFC9D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BB39E964-B85C-4E04-A056-03AB459D381D}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{BC6FD63B-4EDD-4B28-BE90-A36584C12F2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C2F503E7-C9DE-4040-B22B-DEDFB2CAE2FA}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{D8262136-BFF4-4A70-852D-F8B55E8E11AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E3FE4414-99AC-406B-948D-F38757BF4945}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{FE25C74F-E1C9-49CE-8D1D-30334708A3DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0BBE61F9-218D-4F05-A3F1-2AE8877D41BD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0E260DAF-138E-498D-8417-A2E666358CEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{0E50A082-60AC-42FE-A151-DA3BFBB4C4FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1935253F-6E28-47AB-A280-0FEFC9DE3CB5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{29E05C0E-BC50-4938-A5CD-55646A6AE25C}" = protocol=6 | dir=out | app=system |
    "{4B21CAC8-5469-492F-A276-56D7DA759A99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6ACE5C5C-FDAE-447C-A27A-78C8B0FCBB10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6E321140-7185-47AE-8A50-69CBE99D9515}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{782C7E0D-AE78-4E46-88CD-12305E4ABEB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7C0A7ABA-E400-4F9A-8EB4-943DF0EE9A68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{866BF922-8D62-4135-900D-92B476CA28B8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8C58E478-32FA-4B72-813E-7C84971BFC0B}" = protocol=17 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
    "{9D609E34-BE24-4E10-9E05-0D14FFE82AD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BCCC80BF-E5F0-4572-9FA5-3F2789FC3D7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E64590E2-62FD-4543-8335-9F515C3FFCE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F493F87A-5EF9-4DDF-93FA-E852D19B2A37}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F7725F81-12E6-4CE3-B5FD-E1940213BB2D}" = protocol=6 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
    "TCP Query User{2D0E2674-9879-432D-907F-E7B9E3DF5E54}C:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{D5FA5660-B415-4F39-967F-6BACC33CFFF4}C:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{50AD73D0-4191-4B97-AD47-28AD72790FEC}C:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{50F7D41B-735E-4F2F-BF15-AC93E5BEDF9D}C:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\justin sidwell\appdata\roaming\dropbox\bin\dropbox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{065B40C5-5F4C-9CF1-7A21-2B2EAA74E44D}" = AMD Fuel
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DFDADCB2-8C17-E480-A8D5-724CEA1F0676}" = AMD Drag and Drop Transcoding
    "{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "sp6" = Logitech SetPoint 6.32

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04A55A34-4DC5-4919-8B88-FFA6CC7D6D20}" = Radeon RAMDisk
    "{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean
    "{2E6044C5-3495-485F-91BC-46D1B6430E51}" = Windows 7 Logon Background Changer
    "{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish
    "{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian
    "{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common
    "{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}" = AMD System Monitor
    "{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy
    "{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese
    "{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech
    "{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E7300DD-08A3-4B3F-AEE1-1450843FE86E}" = NETGEAR GA311 Gigabit Adapter
    "{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek
    "{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French
    "{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
    "{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish
    "{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian
    "{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = AMD VISION Engine Control Center
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish
    "{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish
    "{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "Geekbench 2.4" = Geekbench 2.4
    "Google Chrome" = Google Chrome
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "PlexUtil" = SmartPack 1.21.0
    "Smart Defrag 2_is1" = Smart Defrag 2
    "Steam App 220" = Half-Life 2
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 380" = Half-Life 2: Episode One
    "Steam App 400" = Portal
    "Steam App 420" = Half-Life 2: Episode Two
    "Steam App 440" = Team Fortress 2
    "Steam App 620" = Portal 2
    "VLC media player" = VLC media player 2.0.5

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Dropbox" = Dropbox
    "MusicManager" = Music Manager
    "MyFreeCodec" = MyFreeCodec

    < End of report >
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Adware...

    here's another fix for adware...

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
  21. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    Ok, I have the previously used copy of OTL. I'll run that now.
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good. I'll see the fix log in the morning and come back with the remainder of the instructions.
  23. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Justin Sidwell\Desktop\Project Mr. Clean\cmd.bat deleted successfully.
    C:\Users\Justin Sidwell\Desktop\Project Mr. Clean\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 50623 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 40359812 bytes
    ->Java cache emptied: 1198477 bytes
    ->Flash cache emptied: 58382 bytes

    User: Justin Sidwell
    ->Temp folder emptied: 125126770 bytes
    ->Temporary Internet Files folder emptied: 120866546 bytes
    ->Java cache emptied: 35 bytes
    ->Google Chrome cache emptied: 246546990 bytes
    ->Flash cache emptied: 523 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 1154 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 87959722 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4589064 bytes
    RecycleBin emptied: 652 bytes

    Total Files Cleaned = 598.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01102013_190614
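    The fix log above deletes four Browser Helper Object registrations and reports the matching CLSID keys as not found. As an added example (not from this thread, and not part of OTL), the PowerShell below audits those same CLSIDs after the fix and lists whatever BHOs remain registered, resolving each one to its DLL and Authenticode status so a leftover unsigned or profile-resident DLL stands out. It assumes a 64-bit Windows host where both the native and Wow6432Node registry views exist; the four CLSIDs are copied from the log, and reading HKLM needs no elevation.

```powershell
# Added example (not from the thread or from OTL): verify the BHO cleanup shown in the
# fix log and enumerate the Browser Helper Objects that are still registered.
# Assumption: 64-bit Windows, so both the native and Wow6432Node views are checked.

$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# CLSIDs taken from the OTL fix log above; after the fix none of them should be registered.
$removedClsids = @(
    '{0347C33E-8762-4905-BF09-768834316C61}',
    '{18DF081C-E8AD-4283-A596-FA578C2EBDC3}',
    '{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}',
    '{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}'
)

function Resolve-BhoClsid {
    param([string]$Clsid)
    # A BHO CLSID normally maps to an in-process DLL via CLSID\{...}\InprocServer32.
    foreach ($view in @('HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID')) {
        $key = Join-Path $view "$Clsid\InprocServer32"
        if (Test-Path $key) {
            $dll = (Get-ItemProperty -Path $key).'(default)'
            # Signature status: Valid, NotSigned, HashMismatch, ... or DllMissing if the path is dangling.
            $sig = if ($dll -and (Test-Path $dll)) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'DllMissing' }
            return [pscustomobject]@{ Clsid = $Clsid; Dll = $dll; Signature = $sig }
        }
    }
    # Listed as a BHO but with no CLSID registration: a dangling entry worth removing.
    return [pscustomobject]@{ Clsid = $Clsid; Dll = $null; Signature = 'ClsidNotRegistered' }
}

Write-Host '== CLSIDs removed by the fix: confirm none is still listed as a BHO =='
foreach ($c in $removedClsids) {
    $stillListed = $bhoRoots | Where-Object { Test-Path (Join-Path $_ $c) }
    $status = if ($stillListed) { 'STILL REGISTERED AS BHO' } else { 'absent' }
    '{0}  {1}' -f $c, $status
}

Write-Host '== BHOs currently registered (review anything unsigned, missing, or under a user profile) =='
foreach ($root in $bhoRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root |
        ForEach-Object { Resolve-BhoClsid -Clsid $_.PSChildName } |
        Format-Table Clsid, Signature, Dll -AutoSize
}
```

    Run it from a normal PowerShell prompt after the fix and a reboot; a BHO whose DLL lives under a user's AppData or Temp folder, or whose signature is NotSigned or DllMissing, is the kind of entry the helper would want to see before declaring the machine clean.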
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  25. TrunkMonkey

    TrunkMonkey Newcomer, in training Topic Starter Posts: 79

    I have no issues to report except one. Yesterday, after completing your instructions, my SYS tray/notification bar only showed Action Center, home network and volume. The notification customize menu had everything blacked out. So I toggled the 'all on/off' option, said OK, restarted, and it was back to normal. That was the first restart since completing your scans. The PC continues to run faster than I can recall ever before. Is there a particular scan we can run which had previously found junk, to verify it does not find anything now? Just a thought. Again, I know nothing ;)