Solved Possible svchost.exe problem, unsure though.

Austin Mahar

Basically my wireless connection disables itself like once a day. If I try to disable and re-enable the enable will not enable. If I shut down after trying to re-enable it will be an endless "shutting down..." screen. I run in high performance mode and always have the charger plugged in so it's not deactivating because of saving power. I use Advanced System Care Pro 6.3 and Sunbelt's VIPRE. Advanced System Care catches a lot of Registry Errors every day. I went on a Windows site and they wanted me to pay them like $100 dollars to fix the computer and they are also the ones that found some svchost.exe stealth thing in red text on the command prompt. They also found out a lot of services were stopped. I was ignoring the disabling itself and not getting help because it only happened like once a day. Today it happened three times in a row so I have come to look for help. Help me TechSpot! You're my only hope!

Also I must add that command prompt does flash on the screen for like a second when I get to the desktop after logging into the computer.
 
Welcome aboard

Please complete all steps listed here: http://www.suggest-a-fix.com/index.php?/topic/11-new-malware-posting-guidelines/
Create new topic here: http://www.suggest-a-fix.com/index....iruses-trojans-spyware-and-browser-hijacking/

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Uninstall Advanced System Care, which may be one of the reasons for your troubles.

Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

 
I have deleted my Registry Cleaners and made the post on Suggest-a-Fix. I will do the Malwarebytes Anti-Malware scan, VIPRE scan, DDS; and give you the logs after I wake up tomorrow. Thanks for the help.
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
barb :: BARB-PC [administrator]

Protection: Enabled

8/4/2013 2:53:07 PM
mbam-log-2013-08-04 (14-53-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225428
Time elapsed: 13 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www1.delta-search.com/?babsrc=HP_ss&mntrId=4628000078BBA9E1&affID=119351&tsp=4948) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 12
C:\Users\barb\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Files Detected: 32
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\17d56e.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Installer\17d575.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Installer\17d57c.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\barb\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

(end)
Mbam Logs ^
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by barb at 17:09:41 on 2013-08-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3602 [GMT -4:00]
.
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Sunbelt VIPRE *Enabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Users\barb\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Users\barb\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=TJ&userid=686bf4f2-e811-4f5e-8d2e-f532f02cbe03&searchtype=ds&q={searchTerms}&installDate=22/06/2013
uSearch Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=TJ&userid=686bf4f2-e811-4f5e-8d2e-f532f02cbe03&searchtype=ds&q={searchTerms}&installDate=22/06/2013
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=TJ&userid=686bf4f2-e811-4f5e-8d2e-f532f02cbe03&searchtype=ds&q={searchTerms}&installDate=22/06/2013
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Akamai NetSession Interface] "C:\Users\barb\AppData\Local\Akamai\netsession_win.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{A2842DCA-53DF-4CB7-AD33-52F4A3AD0778} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A2842DCA-53DF-4CB7-AD33-52F4A3AD0778}\7756374756C6C663930313 : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - <Clsid value has no data>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - <Clsid value has no data>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\barb\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\barb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\barb\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-18 18:34; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-07-26 18:08; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: !HIDDEN! 2013-02-15 18:51; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 4628cb59000000000000000078bba9e1
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15905
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.59:54:10
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4948
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2013-7-21 37472]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-5-4 39768]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-4 283200]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2013-7-18 253528]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2013-7-18 55384]
R1 SbTis;SbTis;C:\Windows\System32\drivers\sbtis.sys [2013-7-18 94296]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-11 204288]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-11 353360]
R2 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-6-23 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-8-11 244624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-3 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-3 701512]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-5-11 72280]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-21 96768]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-8-11 142632]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-11 77424]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-3 25928]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2013-7-18 84568]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-23 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; [x]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2013-7-15 21656]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-10 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-8-11 250984]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2011-8-11 1142376]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2013-7-18 84568]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2013-7-18 60504]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-20 42184]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-10 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2012-12-15 21504]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
.
=============== Created Last 30 ================
.
2013-08-04 03:20:39 -------- d-----w- C:\Program Files\CCleaner
2013-08-04 03:13:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-04 03:13:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-04 00:06:19 -------- d-----w- C:\Users\barb\AppData\Local\Akamai
2013-08-04 00:06:14 -------- d-----w- C:\AeriaGames
2013-08-03 16:47:00 -------- d-----w- C:\Program Files (x86)\WB Games
2013-08-02 21:13:01 -------- d-----w- C:\ProgramData\BlueStacksSetup
2013-07-29 12:58:50 -------- d-----w- C:\Users\barb\AppData\Local\LogMeIn Hamachi
2013-07-27 16:54:57 -------- d-----w- C:\Users\barb\AppData\Local\PAYDAY 2
2013-07-26 15:30:29 -------- d-----w- C:\Users\barb\AppData\Local\PAYDAY
2013-07-23 17:00:58 -------- d-----w- C:\GOG Games
2013-07-22 14:44:58 -------- d-----w- C:\MATS
2013-07-21 20:50:13 -------- d-----w- C:\Users\barb\AppData\Roaming\Malwarebytes
2013-07-21 20:50:00 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-21 17:46:12 -------- d-----w- C:\Windows\System32\MRT
2013-07-21 14:35:58 -------- d-----w- C:\Program Files (x86)\SecondLifeViewer
2013-07-21 05:13:29 96768 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-07-21 05:13:29 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
2013-07-21 05:13:19 37472 ----a-w- C:\Windows\System32\drivers\amdkmpfd.sys
2013-07-20 14:15:53 -------- d-----w- C:\Users\barb\AppData\Local\{CD0A2B13-45F3-4ADE-B707-D487D2108FBD}
2013-07-19 13:54:27 -------- d-----w- C:\ProgramData\BrowserDefender
2013-07-19 13:54:10 -------- d-----w- C:\ProgramData\Pivot Animator
2013-07-19 13:53:44 -------- d-----w- C:\Program Files (x86)\Safe Saver
2013-07-19 13:53:22 -------- d-----w- C:\Program Files (x86)\Pivot Animator
2013-07-19 01:09:24 -------- d-----w- C:\Users\barb\AppData\Roaming\Sunbelt
2013-07-19 01:09:24 -------- d-----w- C:\ProgramData\Sunbelt
2013-07-19 01:08:43 60504 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2013-07-19 01:08:42 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys
2013-07-19 01:08:25 84568 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2013-07-19 01:08:24 253528 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2013-07-19 01:08:23 55384 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2013-07-19 01:08:23 45904 ----a-w- C:\Windows\System32\sbbd.exe
2013-07-19 01:08:21 -------- d-----w- C:\Program Files (x86)\Sunbelt Software
2013-07-19 01:05:16 -------- d-----w- C:\Users\barb\AppData\Local\Avg2013
2013-07-18 19:45:54 3 ----a-w- C:\Users\barb\AppData\Roaming\ispnetkey.dll
2013-07-18 19:45:54 -------- d-----w- C:\ProgramData\KeyExtender
2013-07-18 15:58:40 -------- d-----w- C:\Users\barb\AppData\Local\{A6B9B7AC-8CDE-4C69-B7DB-BF70F6EBADC2}
2013-07-15 15:12:49 21656 ----a-w- C:\Windows\System32\drivers\evolve.sys
2013-07-15 15:12:42 -------- d-----w- C:\Program Files\Echobit
2013-07-15 15:10:41 -------- d-----w- C:\ProgramData\Echobit
2013-07-15 15:10:38 -------- d-----w- C:\Users\barb\AppData\Local\Echobit
2013-07-15 10:46:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-15 03:21:31 -------- d-----w- C:\Program Files (x86)\osu!
2013-07-12 12:40:14 -------- d-----w- C:\Users\barb\AppData\Local\My Games
2013-07-10 16:35:05 -------- d-----w- C:\Users\barb\AppData\Roaming\Natural Selection 2
2013-07-10 14:06:45 -------- d-----w- C:\Users\barb\AppData\Local\CrashRpt
2013-07-10 13:50:46 282512 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-07-10 13:50:42 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-07-10 13:44:14 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2013-07-10 01:59:29 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 01:59:29 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 01:59:29 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 01:59:29 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 01:59:29 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 01:59:29 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 01:59:29 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 01:57:59 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-07-10 01:56:40 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-10 01:56:40 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-10 01:48:39 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 01:48:39 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 01:48:39 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 01:48:38 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 01:48:38 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 01:48:13 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-10 01:48:13 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 01:48:00 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-10 01:48:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-09 13:08:50 -------- d-----w- C:\Users\barb\AppData\Roaming\MediaArt
2013-07-09 13:08:50 -------- d-----w- C:\ProgramData\MediaArt
2013-07-09 13:04:47 -------- d-----w- C:\Program Files (x86)\Love Story - The Way Home
2013-07-09 11:59:10 -------- d-----w- C:\Users\barb\AppData\Local\Big Fish
2013-07-09 11:59:09 -------- d-----w- C:\BigFishCache
2013-07-08 14:50:16 -------- d-----w- C:\Users\barb\AppData\Local\Skyrim
2013-07-06 23:27:33 -------- d-----w- C:\Program Files (x86)\TERA
2013-07-06 23:27:28 -------- d-----w- C:\Users\barb\AppData\Local\TERA
2013-07-06 17:57:24 -------- d-----w- C:\Program Files (x86)\2K Games
2013-07-06 14:35:19 -------- d-----w- C:\Program Files (x86)\FTL
.
==================== Find3M ====================
.
2013-07-25 02:11:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-25 02:11:58 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-15 10:46:30 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-07-15 10:46:30 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-10 14:15:42 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-07-10 14:12:42 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-07-10 01:58:49 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-10 01:58:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-10 01:58:03 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-10 01:58:02 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-10 01:58:02 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-10 01:58:01 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-10 01:58:00 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-10 01:58:00 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-10 01:58:00 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-10 01:57:57 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-10 01:57:57 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-10 01:57:53 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 01:57:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-21 01:09:46 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys
2013-06-12 18:15:44 9089416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 19:00:03 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-11 18:59:46 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-11 18:59:46 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-11 18:59:22 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-11 18:59:22 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-11 18:58:40 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-11 18:58:40 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-11 18:58:25 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-11 18:58:25 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-11 18:57:55 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-11 18:57:55 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-11 18:57:55 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-11 18:57:55 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-11 18:57:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-11 18:57:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-11 18:57:54 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-11 18:57:54 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-11 18:57:54 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-11 18:57:54 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-09 03:45:29 707354 ----a-w- C:\Windows\unins000.exe
2013-05-10 16:01:41 275360 ----a-w- C:\Windows\System32\DreamScene.dll
2013-05-10 04:43:13 275360 ----a-w- C:\Windows\System32\DreamScene.dll.9641
.
============= FINISH: 17:12:23.65 ===============
DDS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/23/2012 9:53:50 AM
System Uptime: 8/4/2013 5:05:21 PM (0 hours ago)
.
Motherboard: Gateway | | SJV70-SB
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | Socket FS1 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 123.398 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 465.653 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Avnex Virtual Audio Device
Device ID: ROOT\MEDIA\0000
Manufacturer: AVNEX Ltd.
Name: Avnex Virtual Audio Device
PNP Device ID: ROOT\MEDIA\0000
Service: VCSVADHWSer
.
==== System Restore Points ===================
.
RP218: 7/30/2013 1:08:15 PM - Installed DirectX
RP219: 8/2/2013 10:33:45 AM - Installed osu!
RP220: 8/2/2013 5:55:10 PM - Removed BlueStacks Notification Center
RP221: 8/3/2013 5:35:54 PM - Removed LogMeIn Hamachi
.
==== Installed Programs ======================
.
µTorrent
1400
1400_Help
1400Trb
64 Bit HP CIO Components Installer
Ace of Spades
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Agatha Christie - Death on the Nile
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Akamai NetSession Interface
AMD APP SDK Runtime
AMD System Monitor
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
AviSynth 2.5
Backup Manager V3
Bandisoft MPEG-1 Decoder
Bejeweled 2 Deluxe
Big Fish Games: Game Manager
Bonjour
Borderlands 2
BufferChm
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chronicles of Albian
Chuzzle Deluxe
cleosviproom
Comic Sound Pack
Copy
Counter-Strike: Source
Cradle of Rome 2
D3DX10
DAEMON Tools Lite
Dead Island
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Destinations
DeviceDiscovery
Dishonored
DocProc
Dora's World Adventure
DreamScene Seven version 1.6
eBay Worldwide
ETDWare PS/2-X64 8.0.6.3_WHQL
Euro Truck Simulator 2
European Mystery: Scent of Desire Collector’s Edition
ExamGuard
F.lux
Facebook Video Calling 1.2.0.287
Fairway ™ Collector's Edition
Far Cry® 3
FATE: The Cursed King
Fax
ffdshow v1.2.4496 [2012-12-13]
Fierce Tales: The Dog's Heart Collector's Edition
FileZilla Client 3.7.1.1
Final Drive: Nitro
Fraps (remove only)
FTL version 1.03.1
Galerie de photos Windows Live
Game Dev Tycoon v1.3.9
Garry's Mod
Gateway Games
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
GPBaseService2
gpedt.msc 1.0
Grand Theft Auto IV
Haali Media Splitter
Half-Life 2
Half-Life 2: Episode One
Half-Life: Opposing Force
Hotline Miami
House of 1000 Doors: Serpent Flame Collector's Edition
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Identity Card
Internet Explorer Toolbar 4.6 by SweetPacks
iTunes
J2SE Runtime Environment 5.0
Java 7 Update 25
Java Auto Updater
Java(TM) 7 (64-bit)
Jewel Match 3
Jewel Quest
Junk Mail filter update
L.A.Noire
Launch Manager
League of Legends
Living Legends: Frozen Beauty Collector's Edition
LogMeIn Hamachi
Love Story: The Way Home
Mabinogi
Maestro: Music from the Void Collector's Edition
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStory
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Office 32-bit Components 2010
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word 2010
Microsoft Office Word MUI (English) 2010
Microsoft PowerPoint 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word 2010
Microsoft WSE 3.0 Runtime
MorphVOX Pro
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.5.6366 (64-bit)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files®: Shadow Lake Collector's Edition
Mystery of Mortlake Mansion
Mystery Trackers: Four Aces Collector's Edition
Natural Selection 2
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Network64
Nexon Game Manager
Nightmares from the Deep: The Cursed Heart Collector's Edition
NOOK for PC
Norton Online Backup
Notepad++
NVIDIA PhysX
OCR Software by I.R.I.S. 13.0
osu!
OverDrive Media Console
Pando Media Booster
PAYDAY 2 Beta
PAYDAY: The Heist
Penguins!
Pivot Animator version 4.1.9
PlanetSide 2
Plants vs. Zombies - Game of the Year
Play withSIX
Polar Bowler
Polar Golfer
Primal Carnage
PunkBuster Services
RaidCall
Razer Game Booster
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
ReClock
Redemption Cemetery: Grave Testimony Collector’s Edition
Redemption Cemetery: Salvation of the Lost Collector's Edition
Revo Uninstaller 1.94
Rising Storm/Red Orchestra 2 Multiplayer
Rockstar Games Social Club
Rusty Hearts PWE
Safe Saver
Saints Row: The Third
Scan
Scribblenauts Unlimited
SecondLifeViewer (remove only)
Secrets of the Dark: Eclipse Mountain Collector's Edition
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
SelectionLinks
Seven Seas Solitaire
Shop for HP Supplies
Sid Meier's Civilization V
Skype Click to Call
Skype™ 6.6
Slot Quest - The Vampire Lord
Slots Inferno
SmartWebPrinting
SolutionCenter
SPORE™
Spotify
Status
Steam
Surface: The Soaring City Collector's Edition
SweetIM for Messenger 3.7
TeamSpeak 3 Client
TERA
The Binding of Isaac
The Elder Scrolls V: Skyrim
The Lake House: Children of Silence
The Sims™ 3 Diesel Stuff
The Sims™ 3 Seasons
The Sims™ 3 Town Life Stuff
Times Reader
Toolbox
Torchlight
Translator Fun Voice Pack
TrayApp
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update Installer for WildTangent Games App
Update Manager for SweetPacks 1.0
Uplay
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
Video Web Camera
VIPRE Antivirus Premium
Virtual Villagers 5 - New Believers
Visual Studio 2010 x64 Redistributables
WebReg
Welcome Center
WildTangent Games App (Gateway Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
XSplit
Yontoo 1.10.02
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/4/2013 7:46:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
8/4/2013 5:06:19 PM, Error: Service Control Manager [7000] - The vToolbarUpdater15.0.1 service failed to start due to the following error: The system cannot find the path specified.
8/4/2013 5:06:10 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The system cannot find the path specified.
8/4/2013 10:55:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
8/4/2013 10:54:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
8/4/2013 10:54:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
8/4/2013 10:53:56 AM, Error: Service Control Manager [7022] - The VIPRE Antivirus Premium service hung on starting.
8/4/2013 10:53:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
8/4/2013 10:53:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
8/4/2013 10:50:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
8/4/2013 10:50:12 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2013 10:48:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
8/4/2013 10:48:24 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2013 10:46:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Nero Update service to connect.
8/4/2013 10:44:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
8/4/2013 10:44:19 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2013 10:44:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SBAMSvc service.
8/4/2013 10:42:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
8/4/2013 10:41:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
8/4/2013 10:36:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
8/4/2013 10:36:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
8/4/2013 10:29:11 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8006138a10, 0xfffff800043e2518, 0xfffffa800639cc60). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080413-46363-01.
8/3/2013 6:02:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
8/3/2013 6:01:37 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/3/2013 6:01:37 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
8/3/2013 5:37:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
8/3/2013 5:37:07 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/3/2013 10:58:54 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s).
8/1/2013 10:04:49 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================
Attach ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^6
 
Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on the SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
I ran Rogue Killer twice as I had applications closed and memory told me to run it twice when in fact I was supposed to run MBAR twice, which I also did. These are the Rogue Killer logs I have.


RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : barb [Admin rights]
Mode : Scan -- Date : 08/04/2013 19:07:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 7 ¤¤¤
[V1][ROGUE ST] Safe Saver-firefoxinstaller.job : C:\Program Files (x86)\Safe Saver\Safe Saver-firefoxinstaller.exe - /installxpi /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.xpi' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com /extensionversion=0.91 /prefsbranch=a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33254.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x][x] -> FOUND
[V1][ROGUE ST] Safe Saver-chromeinstaller.job : C:\Program Files (x86)\Safe Saver\Safe Saver-chromeinstaller.exe - /installcrx /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.crx' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=mehnejgknjfgfdmijlaloodhdgnbgdgn /extensionversion=1.23.29 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh8zr3vZG2sEyTC0s09rpLQje4YuZMMcPUWbgJ8HLXy085wOJzhmtrMQzxRhBa9NGavjCnLFH9h6NTZnpKa317RRUFOVrat+pOLMxCox+qPZgLyHgk91mjc/6MjTnesAmSt9BKY4egsqAuIxOiE+kX6vDyqXceiz/QXQKhg4WqSQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x] -> FOUND
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[V2][ROGUE ST] 4588 : wscript.exe - C:\Users\barb\AppData\Local\Temp\launchie.vbs //B -> FOUND
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[V2][ROGUE ST] Safe Saver-chromeinstaller : C:\Program Files (x86)\Safe Saver\Safe Saver-chromeinstaller.exe - /installcrx /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.crx' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=mehnejgknjfgfdmijlaloodhdgnbgdgn /extensionversion=1.23.29 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh8zr3vZG2sEyTC0s09rpLQje4YuZMMcPUWbgJ8HLXy085wOJzhmtrMQzxRhBa9NGavjCnLFH9h6NTZnpKa317RRUFOVrat+pOLMxCox+qPZgLyHgk91mjc/6MjTnesAmSt9BKY4egsqAuIxOiE+kX6vDyqXceiz/QXQKhg4WqSQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x] -> FOUND
[V2][ROGUE ST] Safe Saver-firefoxinstaller : C:\Program Files (x86)\Safe Saver\Safe Saver-firefoxinstaller.exe - /installxpi /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.xpi' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com /extensionversion=0.91 /prefsbranch=a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33254.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 support.leagueoflegends.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 ATA Device +++++
--- User ---
[MBR] a42d33275e2634a2505887232733fcd7
[BSP] e022f3aef868e037529804933c79e494 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000BPVT-22HXZT3 ATA Device +++++


RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : barb [Admin rights]
Mode : Remove -- Date : 08/04/2013 19:11:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 7 ¤¤¤
[V1][ROGUE ST] Safe Saver-firefoxinstaller.job : C:\Program Files (x86)\Safe Saver\Safe Saver-firefoxinstaller.exe - /installxpi /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.xpi' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com /extensionversion=0.91 /prefsbranch=a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33254.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x][x] -> DELETED
[V1][ROGUE ST] Safe Saver-chromeinstaller.job : C:\Program Files (x86)\Safe Saver\Safe Saver-chromeinstaller.exe - /installcrx /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.crx' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=mehnejgknjfgfdmijlaloodhdgnbgdgn /extensionversion=1.23.29 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh8zr3vZG2sEyTC0s09rpLQje4YuZMMcPUWbgJ8HLXy085wOJzhmtrMQzxRhBa9NGavjCnLFH9h6NTZnpKa317RRUFOVrat+pOLMxCox+qPZgLyHgk91mjc/6MjTnesAmSt9BKY4egsqAuIxOiE+kX6vDyqXceiz/QXQKhg4WqSQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x] -> DELETED
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED
[V2][ROGUE ST] 4588 : wscript.exe - C:\Users\barb\AppData\Local\Temp\launchie.vbs //B -> DELETED
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> ERROR DELETING TASK
[V2][ROGUE ST] Safe Saver-chromeinstaller : C:\Program Files (x86)\Safe Saver\Safe Saver-chromeinstaller.exe - /installcrx /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.crx' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=mehnejgknjfgfdmijlaloodhdgnbgdgn /extensionversion=1.23.29 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh8zr3vZG2sEyTC0s09rpLQje4YuZMMcPUWbgJ8HLXy085wOJzhmtrMQzxRhBa9NGavjCnLFH9h6NTZnpKa317RRUFOVrat+pOLMxCox+qPZgLyHgk91mjc/6MjTnesAmSt9BKY4egsqAuIxOiE+kX6vDyqXceiz/QXQKhg4WqSQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x] -> ERROR DELETING TASK
[V2][ROGUE ST] Safe Saver-firefoxinstaller : C:\Program Files (x86)\Safe Saver\Safe Saver-firefoxinstaller.exe - /installxpi /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.xpi' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com /extensionversion=0.91 /prefsbranch=a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33254.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x][x] -> ERROR DELETING TASK

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 support.leagueoflegends.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 ATA Device +++++
--- User ---
[MBR] a42d33275e2634a2505887232733fcd7
[BSP] e022f3aef868e037529804933c79e494 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000BPVT-22HXZT3 ATA Device +++++
--- User ---
[MBR] 2b3ececb0af104c1db147dc39f36473f
[BSP] 73a0540af52ba32a36713747d032a552 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08042013_191130.txt >>
RKreport[0]_S_08042013_190752.txt


RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : barb [Admin rights]
Mode : Scan -- Date : 08/04/2013 19:16:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 support.leagueoflegends.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 ATA Device +++++
--- User ---
[MBR] a42d33275e2634a2505887232733fcd7
[BSP] e022f3aef868e037529804933c79e494 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000BPVT-22HXZT3 ATA Device +++++
--- User ---
[MBR] 2b3ececb0af104c1db147dc39f36473f
[BSP] 73a0540af52ba32a36713747d032a552 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08042013_191634.txt >>
RKreport[0]_D_08042013_191130.txt;RKreport[0]_S_08042013_190752.txt


The RK_Quarantine Folder has 2 HKEY local machine software micro...'s
Physical Drive0_User.dat
PhysicalDrive1_user.dat
and the rogue killer configuration settings
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 13-08-04.01 - barb 08/04/2013 22:03:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.4197 [GMT -4:00]
Running from: c:\users\barb\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\barb\AppData\Local\assembly\tmp
c:\users\barb\AppData\Local\Temp\wrd-15f4-17e8-980984.~lk\0.mdd
c:\users\barb\AppData\Local\Temp\wrd-15f4-17e8-980984.~lk\1.mdd
c:\users\barb\AppData\Local\Temp\wrd-15f4-17e8-980984.~lk\2.mdd
c:\users\barb\AppData\Local\Temp\wrd-15f4-17e8-980984.~lk\3.mdd
c:\users\barb\AppData\Roaming\ispnetkey.dll
c:\windows\SysWow64\d3dx10_43.dll.tmp
c:\windows\SysWow64\frapsvid.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-07-05 to 2013-08-05 )))))))))))))))))))))))))))))))
.
.
2013-08-05 02:15 . 2013-08-05 02:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-04 23:27 . 2013-08-05 00:03 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-04 03:20 . 2013-08-04 03:22 -------- d-----w- c:\program files\CCleaner
2013-08-04 03:13 . 2013-08-04 03:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-04 03:13 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-04 00:06 . 2013-08-04 00:09 -------- d-----w- c:\users\barb\AppData\Local\Akamai
2013-08-04 00:06 . 2013-08-04 00:06 -------- d-----w- C:\AeriaGames
2013-08-03 16:47 . 2013-08-03 16:47 -------- d-----w- c:\program files (x86)\WB Games
2013-08-02 21:13 . 2013-08-02 21:16 -------- d-----w- c:\programdata\BlueStacksSetup
2013-07-29 12:58 . 2013-08-03 20:15 -------- d-----w- c:\users\barb\AppData\Local\LogMeIn Hamachi
2013-07-27 16:56 . 2013-07-27 16:56 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-07-27 16:54 . 2013-07-28 15:35 -------- d-----w- c:\users\barb\AppData\Local\PAYDAY 2
2013-07-26 15:30 . 2013-07-26 15:30 -------- d-----w- c:\users\barb\AppData\Local\PAYDAY
2013-07-23 17:00 . 2013-07-23 17:00 -------- d-----w- C:\GOG Games
2013-07-22 14:44 . 2013-07-22 14:44 -------- d-----w- C:\MATS
2013-07-21 20:50 . 2013-07-21 20:50 -------- d-----w- c:\users\barb\AppData\Roaming\Malwarebytes
2013-07-21 20:50 . 2013-07-21 20:50 -------- d-----w- c:\programdata\Malwarebytes
2013-07-21 17:46 . 2013-07-21 17:54 -------- d-----w- c:\windows\system32\MRT
2013-07-21 14:35 . 2013-07-21 14:36 -------- d-----w- c:\program files (x86)\SecondLifeViewer
2013-07-21 05:13 . 2013-02-14 23:41 96768 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2013-07-21 05:13 . 2013-02-14 23:40 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2013-07-21 05:13 . 2013-02-14 12:33 37472 ----a-w- c:\windows\system32\drivers\amdkmpfd.sys
2013-07-19 13:54 . 2013-08-04 19:08 -------- d-----w- c:\programdata\BrowserDefender
2013-07-19 13:54 . 2013-07-19 13:54 -------- d-----w- c:\programdata\Pivot Animator
2013-07-19 13:53 . 2013-08-03 20:38 -------- d-----w- c:\program files (x86)\Safe Saver
2013-07-19 13:53 . 2013-07-19 13:53 -------- d-----w- c:\program files (x86)\Pivot Animator
2013-07-19 01:09 . 2013-07-19 01:09 -------- d-----w- c:\users\barb\AppData\Roaming\Sunbelt
2013-07-19 01:09 . 2013-07-19 01:09 -------- d-----w- c:\programdata\Sunbelt
2013-07-19 01:08 . 2011-04-05 21:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2013-07-19 01:08 . 2011-04-05 21:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2013-07-19 01:08 . 2011-02-08 13:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2013-07-19 01:08 . 2011-04-05 21:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2013-07-19 01:08 . 2011-05-11 20:55 45904 ----a-w- c:\windows\system32\sbbd.exe
2013-07-19 01:08 . 2011-04-29 18:15 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2013-07-19 01:08 . 2013-07-19 01:08 -------- d-----w- c:\program files (x86)\Sunbelt Software
2013-07-19 01:05 . 2013-07-19 01:06 -------- d-----w- c:\users\barb\AppData\Local\Avg2013
2013-07-18 22:30 . 2013-07-18 22:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-07-18 19:45 . 2013-07-18 19:45 -------- d-----w- c:\programdata\KeyExtender
2013-07-18 14:53 . 2013-07-18 14:53 -------- d-----w- c:\users\barb\AppData\Roaming\Notepad++
2013-07-18 14:53 . 2013-07-18 14:53 -------- d-----w- c:\program files (x86)\Notepad++
2013-07-15 15:12 . 2013-07-15 15:12 21656 ----a-w- c:\windows\system32\drivers\evolve.sys
2013-07-15 15:12 . 2013-07-15 15:12 -------- d-----w- c:\program files\Echobit
2013-07-15 15:10 . 2013-07-15 15:10 -------- d-----w- c:\programdata\Echobit
2013-07-15 15:10 . 2013-07-15 15:10 -------- d-----w- c:\users\barb\AppData\Local\Echobit
2013-07-15 10:46 . 2013-07-15 10:46 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-15 03:21 . 2013-08-02 22:11 -------- d-----w- c:\program files (x86)\osu!
2013-07-13 17:33 . 2013-07-18 23:50 -------- d-----w- c:\users\fbwuser
2013-07-13 17:32 . 2013-07-23 00:31 -------- d-----w- c:\users\barb\AppData\Roaming\FileZilla
2013-07-13 17:32 . 2013-07-13 17:32 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2013-07-12 12:40 . 2013-07-12 12:40 -------- d-----w- c:\users\barb\AppData\Local\My Games
2013-07-10 16:35 . 2013-07-13 15:19 -------- d-----w- c:\users\barb\AppData\Roaming\Natural Selection 2
2013-07-10 14:06 . 2013-07-10 14:06 -------- d-----w- c:\users\barb\AppData\Local\CrashRpt
2013-07-10 13:50 . 2013-07-13 11:32 282512 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-07-10 13:50 . 2013-07-13 11:32 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-07-10 13:44 . 2013-07-10 13:44 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2013-07-10 01:59 . 2013-07-10 01:59 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 01:59 . 2013-07-10 01:59 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 01:59 . 2013-07-10 01:59 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 01:59 . 2013-07-10 01:59 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 01:59 . 2013-07-10 01:59 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 01:59 . 2013-07-10 01:59 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 01:59 . 2013-07-10 01:59 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 01:57 . 2013-07-10 01:57 701952 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-07-10 01:56 . 2013-07-10 01:56 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 01:56 . 2013-07-10 01:56 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 01:48 . 2013-07-10 01:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 01:48 . 2013-07-10 01:48 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 01:48 . 2013-07-10 01:48 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 01:48 . 2013-07-10 01:48 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 01:48 . 2013-07-10 01:48 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 01:48 . 2013-07-10 01:48 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 01:48 . 2013-07-10 01:48 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 01:48 . 2013-07-10 01:48 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 01:48 . 2013-07-10 01:48 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-09 13:08 . 2013-07-09 13:08 -------- d-----w- c:\users\barb\AppData\Roaming\MediaArt
2013-07-09 13:08 . 2013-07-09 13:08 -------- d-----w- c:\programdata\MediaArt
2013-07-09 13:04 . 2013-07-09 13:06 -------- d-----w- c:\program files (x86)\Love Story - The Way Home
2013-07-09 11:59 . 2013-07-09 11:59 -------- d-----w- c:\users\barb\AppData\Local\Big Fish
2013-07-09 11:59 . 2013-07-09 11:59 -------- d-----w- C:\BigFishCache
2013-07-08 14:50 . 2013-07-11 15:05 -------- d-----w- c:\users\barb\AppData\Local\Skyrim
2013-07-06 23:27 . 2013-07-30 23:58 -------- d-----w- c:\program files (x86)\TERA
2013-07-06 23:27 . 2013-07-06 23:30 -------- d-----w- c:\users\barb\AppData\Local\TERA
2013-07-06 17:57 . 2013-07-06 17:57 -------- d-----w- c:\program files (x86)\2K Games
2013-07-06 14:35 . 2013-07-06 14:35 -------- d-----w- c:\program files (x86)\FTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-25 02:11 . 2012-07-05 21:44 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-25 02:11 . 2011-08-11 16:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 10:46 . 2012-12-14 08:33 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-07-15 10:46 . 2012-12-14 08:33 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-10 14:15 . 2013-06-15 20:07 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-07-10 14:12 . 2013-06-15 20:03 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-06-24 04:57 . 2013-04-16 05:15 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 01:09 . 2013-06-21 01:09 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-06-12 18:15 . 2013-06-12 17:16 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 19:00 . 2013-06-11 19:00 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-11 18:59 . 2013-06-11 18:59 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-11 18:59 . 2013-06-11 18:59 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-11 18:59 . 2013-06-11 18:59 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-11 18:59 . 2013-06-11 18:59 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-11 18:58 . 2013-06-11 18:58 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-11 18:58 . 2013-06-11 18:58 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-11 18:58 . 2013-06-11 18:58 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-11 18:58 . 2013-06-11 18:58 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-11 18:57 . 2013-06-11 18:57 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-11 18:57 . 2013-06-11 18:57 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-11 18:57 . 2013-06-11 18:57 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-11 18:57 . 2013-06-11 18:57 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-11 18:57 . 2013-06-11 18:57 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-11 18:57 . 2013-06-11 18:57 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-11 18:57 . 2013-06-11 18:57 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-11 18:57 . 2013-06-11 18:57 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-11 18:57 . 2013-06-11 18:57 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-11 18:57 . 2013-06-11 18:57 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-09 03:45 . 2013-06-09 03:45 707354 ----a-w- c:\windows\unins000.exe
2013-05-10 16:01 . 2013-05-10 04:43 275360 ----a-w- c:\windows\system32\DreamScene.dll
2013-05-10 04:43 . 2013-05-10 04:43 275360 ----a-w- c:\windows\system32\DreamScene.dll.9641
2013-05-09 16:45 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\barb\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-03-09 290112]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-26 336384]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-05-04 1219248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-05-11 1353040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater15.0.1;vToolbarUpdater15.0.1; [x]
R3 atillk64;atillk64; [x]
R3 EagleX64;EagleX64; [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 X6VA011;X6VA011; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys;c:\windows\SYSNATIVE\drivers\sbtis.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 15:01 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 02:11]
.
2013-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2736274946-839652594-1312385167-1000Core.job
- c:\users\barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-02 02:20]
.
2013-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2736274946-839652594-1312385167-1000UA.job
- c:\users\barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-02 02:20]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 09:53]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 09:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-08-02 1831016]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
"SBRegRebootCleaner"="c:\program files (x86)\Sunbelt Software\VIPRE\SBRC.exe" [2011-05-11 197968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=TJ&userid=686bf4f2-e811-4f5e-8d2e-f532f02cbe03&searchtype=ds&q={searchTerms}&installDate=22/06/2013
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - ExtSQL: 2013-07-18 18:34; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-07-26 18:08; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: !HIDDEN! 2013-02-15 18:51; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 4628cb59000000000000000078bba9e1
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15905
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.59:54
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4948
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-{459D13D6-F4B3-43A7-B465-0865464B87C8} - (no file)
WebBrowser-{459D13D6-F4B3-43A7-B465-0865464B87C8} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\Software\SecuROM\License information*]
"datasecu"=hex:b5,c3,09,07,35,1e,75,e7,40,5d,69,cd,d9,80,65,b0,0b,bc,f7,22,ac,
c8,c3,b2,b4,b6,ed,d8,9d,2d,88,65,0d,95,94,fb,d9,09,18,b6,70,65,8f,49,75,e8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-08-04 22:24:20 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-05 02:24
.
Pre-Run: 130,527,129,600 bytes free
Post-Run: 130,359,742,464 bytes free
.
- - End Of File - - 0D9ACC6311E8E94AA9799BD3D915E4F6
A36C5E4F47E84449FF07ED3517B43A31
Help fast please! When it was done and I tried to run things it said that this registry was marked for deletion then wouldn't let me unless I went on safe mode.
 
Sources online seem to say I should reboot and it will fix itself, I'll give that a try even though the last two times it just gave me a frozen screen.
 
Nevermind, it just took a couple restarts, awaiting further instructions.
Just ignore all my panicking lol^^^^^
 
Combofix log looks good.
If you've read my instructions carefully...
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

How is the computer doing?

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v2.306 - Logfile created 08/05/2013 at 19:35:43
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : barb - BARB-PC
# Boot Mode : Normal
# Running from : C:\Users\barb\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\barb\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\bprotector_extensions.sqlite
File Deleted : C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\bprotector_prefs.js
File Deleted : C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\searchplugins\Babylon.xml
File Deleted : C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\searchplugins\delta.xml
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Users\barb\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Folder Deleted : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\5f0dcd1e76ee948
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Key Deleted : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Key Deleted : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
Key Deleted : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5f0dcd1e76ee948
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{774C0434-9948-4DEE-A14E-69CDD316E36C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\prefs.js

C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\user.js ... Deleted !

Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "4628cb59000000000000000078bba9e1");
Deleted : user_pref("extensions.delta.instlDay", "15905");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.59:54:10");
Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Deleted : user_pref("extensions.delta_i.babExt", "");
Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tsp=4948");
Deleted : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v28.0.1500.95

File : C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2497] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=4628000078BBA9E1&affID=119351&tsp=[...]

*************************

AdwCleaner[S1].txt - [11909 octets] - [05/08/2013 19:35:43]

########## EOF - C:\AdwCleaner[S1].txt - [11970 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.3 (08.04.2013:1)
OS: Windows 7 Home Premium x64
Ran by barb on Mon 08/05/2013 at 19:45:21.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311321154}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\barb\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Program Files (x86)\bucksbee loyalty plugin - 100815"
Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{123BA9A8-926D-48BC-94B7-DE0F33F693FE}
Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{1D6B4E8B-6117-47E6-A3EE-988AEBFA66CD}
Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{5B7A7B2E-9689-40BC-A28C-F693FFEB2F89}
Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{A6B9B7AC-8CDE-4C69-B7DB-BF70F6EBADC2}
Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{B0CC6B25-14BE-43CD-BAB8-4548F98A0E21}
Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{CD0A2B13-45F3-4ADE-B707-D487D2108FBD}
Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{DE1A2AB6-CE11-4750-B5D3-C4D78896B20C}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/05/2013 at 19:53:41.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 8/5/2013 8:08:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\barb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 75.66% Memory free
10.96 Gb Paging File | 9.29 Gb Available in Paging File | 84.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 122.11 Gb Free Space | 27.10% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 465.65 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: BARB-PC | User Name: barb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/05 19:34:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\barb\Desktop\OTL.exe
PRC - [2013/07/13 07:32:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/05 01:02:10 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\barb\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/30 22:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/06/30 22:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/06/30 22:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/06/30 22:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2011/05/11 17:16:32 | 001,353,040 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2011/05/11 16:54:28 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2011/03/09 13:11:22 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
PRC - [2011/03/09 13:10:32 | 000,290,112 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
PRC - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/09 13:13:18 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/09 21:59:29 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/08/02 14:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/05/25 12:09:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/22 12:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/07/26 18:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/24 22:11:58 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/13 07:32:17 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/24 11:37:51 | 004,456,320 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/06/30 22:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/05/11 16:54:28 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/03/09 13:11:22 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/15 11:12:14 | 000,021,656 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evolve.sys -- (EvolveVirtualAdapter)
DRV:64bit: - [2013/06/20 21:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/05/04 09:37:02 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/04 20:24:24 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/02/14 19:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/02/14 08:33:06 | 000,037,472 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2013/02/08 10:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/01/10 02:11:18 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/01/10 02:11:17 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/01/10 02:11:16 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/15 11:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/14 01:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 01:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/05 08:55:30 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/25 13:58:22 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/25 11:28:50 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/11 16:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/04/29 14:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/04/05 07:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/03/01 05:54:36 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011/01/24 23:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/12/15 11:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/12/01 04:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/26 13:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2012/08/01 15:44:04 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.p...tBtCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=870646065
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 11 DA 14 F8 46 CE 01 [binary data]
IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\barb\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\barb\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\barb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/15 19:51:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/15 19:51:08 | 000,000,000 | ---D | M]

[2012/08/27 01:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\barb\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/27 01:43:12 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\barb\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/08/03 22:58:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\qkxihmpl.default\extensions
[2013/05/01 19:28:40 | 000,068,740 | R--- | M] () (No name found) -- C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\qkxihmpl.default\extensions\NoiaFoxoption@davidvincent.tld.xpi
[2013/05/01 19:28:40 | 002,478,880 | R--- | M] () (No name found) -- C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\qkxihmpl.default\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2013/08/05 19:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: Google Update (Disabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Disabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Disabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Uplay PC (Disabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Windows Live Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Disabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Disabled) = C:\Users\barb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Disabled) = C:\Users\barb\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: jarPlug = C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\anhldmgeompmlcmdcpbgdecdokhedlaa\1.1.0_0\
CHR - Extension: Google Docs = C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: AdBlock = C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0\
CHR - Extension: Plug+ = C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf\1.1.4.14_0\
CHR - Extension: Safe Saver = C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mehnejgknjfgfdmijlaloodhdgnbgdgn\1.23.29_0\crossrider
CHR - Extension: Safe Saver = C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mehnejgknjfgfdmijlaloodhdgnbgdgn\1.23.29_0\

O1 HOSTS File: ([2013/08/04 22:18:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {459D13D6-F4B3-43A7-B465-0865464B87C8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\Toolbar\WebBrowser: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O3 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\Toolbar\WebBrowser: (no name) - {459D13D6-F4B3-43A7-B465-0865464B87C8} - No CLSID value found.
O3 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe (Sunbelt Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000..\Run: [Akamai NetSession Interface] C:\Users\barb\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2842DCA-53DF-4CB7-AD33-52F4A3AD0778}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/05 19:42:43 | 000,001,800 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========

[2013/08/05 19:45:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/05 19:34:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\barb\Desktop\OTL.exe
[2013/08/05 19:34:10 | 000,562,008 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\barb\Desktop\JRT.exe
[2013/08/04 22:18:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/08/04 22:00:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/04 22:00:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/04 22:00:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/04 21:59:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/04 21:59:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/04 19:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/03 23:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/08/03 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/08/03 23:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/03 23:13:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/03 23:13:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/03 20:06:19 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\Akamai
[2013/08/03 20:06:14 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2013/08/03 12:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
[2013/08/03 12:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WB Games
[2013/08/02 17:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013/08/02 10:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
[2013/07/29 08:58:50 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\LogMeIn Hamachi
[2013/07/27 12:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/07/27 12:54:57 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\PAYDAY 2
[2013/07/26 11:30:29 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\PAYDAY
[2013/07/23 13:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2013/07/23 13:00:58 | 000,000,000 | ---D | C] -- C:\GOG Games
[2013/07/22 10:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/22 10:44:58 | 000,000,000 | ---D | C] -- C:\MATS
[2013/07/21 16:50:13 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Malwarebytes
[2013/07/21 16:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/21 13:46:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/21 10:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
[2013/07/21 10:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecondLifeViewer
[2013/07/21 01:13:29 | 000,110,080 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\DelayAPO.dll
[2013/07/19 10:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2013/07/19 09:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Pivot Animator
[2013/07/19 09:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safe Saver
[2013/07/19 09:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pivot Animator
[2013/07/19 09:53:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pivot Animator
[2013/07/19 05:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/18 21:09:24 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Sunbelt
[2013/07/18 21:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2013/07/18 21:08:43 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbhips.sys
[2013/07/18 21:08:42 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
[2013/07/18 21:08:25 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2013/07/18 21:08:24 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFw.sys
[2013/07/18 21:08:23 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2013/07/18 21:08:23 | 000,045,904 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\sbbd.exe
[2013/07/18 21:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunbelt Software
[2013/07/18 21:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sunbelt Software
[2013/07/18 21:05:16 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\Avg2013
[2013/07/18 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/18 15:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\KeyExtender
[2013/07/18 10:53:39 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/07/18 10:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/07/18 10:53:36 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Notepad++
[2013/07/18 10:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013/07/15 11:12:49 | 000,021,656 | ---- | C] (Echobit, LLC) -- C:\Windows\SysNative\drivers\evolve.sys
[2013/07/15 11:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Echobit
[2013/07/15 11:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Echobit
[2013/07/15 11:10:38 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\Echobit
[2013/07/14 23:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\osu!
[2013/07/13 19:06:53 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013/07/13 13:41:19 | 000,000,000 | ---D | C] -- C:\Users\barb\Documents\New folder
[2013/07/13 13:32:23 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\FileZilla
[2013/07/13 13:32:07 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013/07/13 13:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013/07/13 09:33:46 | 000,000,000 | ---D | C] -- C:\Users\barb\Documents\DeadIsland
[2013/07/13 07:31:55 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013/07/12 08:40:14 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\My Games
[2013/07/10 12:35:05 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Natural Selection 2
[2013/07/10 10:06:45 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\CrashRpt
[2013/07/10 09:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
[2013/07/09 09:08:50 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\MediaArt
[2013/07/09 09:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaArt
[2013/07/09 09:04:47 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Love Story - The Way Home
[2013/07/09 09:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Love Story - The Way Home
[2013/07/09 09:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Love Story - The Way Home
[2013/07/09 07:59:10 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\Big Fish
[2013/07/09 07:59:09 | 000,000,000 | ---D | C] -- C:\BigFishCache
[2013/07/08 10:50:16 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\Skyrim
[2013/07/08 10:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911

========== Files - Modified Within 30 Days ==========

[2013/08/05 19:59:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/05 19:48:24 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/05 19:48:24 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/05 19:41:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/05 19:40:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/05 19:39:48 | 117,624,831 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/05 19:34:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\barb\Desktop\OTL.exe
[2013/08/05 19:34:10 | 000,562,008 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\barb\Desktop\JRT.exe
[2013/08/05 19:25:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2736274946-839652594-1312385167-1000UA.job
[2013/08/05 19:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/04 22:25:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2736274946-839652594-1312385167-1000Core.job
[2013/08/04 22:18:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/02 09:22:30 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/02 09:22:30 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/02 09:22:30 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/31 10:29:02 | 000,003,711 | ---- | M] () -- C:\Windows\wininit.ini
[2013/07/26 10:57:52 | 000,005,054 | ---- | M] () -- C:\Users\barb\Documents\$R6I5UKI.jpeg
[2013/07/26 06:47:17 | 000,061,446 | ---- | M] () -- C:\Users\barb\Documents\cant-simmer-the-zimmer.jpg
[2013/07/25 12:11:10 | 000,122,805 | ---- | M] () -- C:\Users\barb\Documents\9A229729-F912-4A6C-9E87-E1DDC54A5EF2.jpg
[2013/07/25 12:08:21 | 000,083,066 | ---- | M] () -- C:\Users\barb\Documents\869A7BD9-FC2C-4093-B0E2-F8BFEF204D31.jpg
[2013/07/25 12:07:20 | 000,090,033 | ---- | M] () -- C:\Users\barb\Documents\2DC678AE-A6B2-4F74-8690-403EC765AFBB.jpg
[2013/07/25 12:04:53 | 000,067,475 | ---- | M] () -- C:\Users\barb\Documents\972243_699626963387298_577762988_n.jpg
[2013/07/25 11:20:25 | 000,060,323 | ---- | M] () -- C:\Users\barb\Documents\0F6B72CD-51E1-4D1F-A78E-589F15FA8BED.jpg
[2013/07/22 09:59:23 | 000,296,800 | ---- | M] () -- C:\Users\barb\Documents\sexysquidward.gif
[2013/07/19 14:22:09 | 000,002,246 | ---- | M] () -- C:\Users\barb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/19 02:16:59 | 000,001,682 | ---- | M] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2013/07/19 02:16:57 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2013/07/18 21:08:23 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE Antivirus Premium.lnk
[2013/07/15 11:12:14 | 000,021,656 | ---- | M] (Echobit, LLC) -- C:\Windows\SysNative\drivers\evolve.sys
[2013/07/15 07:37:38 | 000,000,024 | ---- | M] () -- C:\Users\barb\random.dat
[2013/07/15 06:49:28 | 000,000,043 | ---- | M] () -- C:\Users\barb\jagex_cl_runescape_LIVE.dat
[2013/07/13 07:32:30 | 000,282,512 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/07/13 07:32:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/07/10 10:15:42 | 000,281,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/07/10 10:12:42 | 000,281,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/07/10 04:12:27 | 000,316,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/09 09:06:11 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Play Love Story - The Way Home.lnk
[2013/07/09 09:06:11 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk

========== Files Created - No Company Name ==========

[2013/08/04 22:00:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/04 22:00:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/04 22:00:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/04 22:00:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/04 22:00:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/26 10:57:50 | 000,005,054 | ---- | C] () -- C:\Users\barb\Documents\$R6I5UKI.jpeg
[2013/07/26 06:47:00 | 000,061,446 | ---- | C] () -- C:\Users\barb\Documents\cant-simmer-the-zimmer.jpg
[2013/07/25 12:11:03 | 000,122,805 | ---- | C] () -- C:\Users\barb\Documents\9A229729-F912-4A6C-9E87-E1DDC54A5EF2.jpg
[2013/07/25 12:08:16 | 000,083,066 | ---- | C] () -- C:\Users\barb\Documents\869A7BD9-FC2C-4093-B0E2-F8BFEF204D31.jpg
[2013/07/25 12:07:16 | 000,090,033 | ---- | C] () -- C:\Users\barb\Documents\2DC678AE-A6B2-4F74-8690-403EC765AFBB.jpg
[2013/07/25 12:04:39 | 000,067,475 | ---- | C] () -- C:\Users\barb\Documents\972243_699626963387298_577762988_n.jpg
[2013/07/25 11:20:22 | 000,060,323 | ---- | C] () -- C:\Users\barb\Documents\0F6B72CD-51E1-4D1F-A78E-589F15FA8BED.jpg
[2013/07/22 09:59:00 | 000,296,800 | ---- | C] () -- C:\Users\barb\Documents\sexysquidward.gif
[2013/07/19 05:56:07 | 000,002,246 | ---- | C] () -- C:\Users\barb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/19 05:54:03 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/19 05:54:01 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/19 02:16:59 | 000,001,682 | ---- | C] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2013/07/19 02:16:57 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2013/07/18 21:08:23 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Antivirus Premium.lnk
[2013/07/10 09:50:46 | 000,282,512 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/07/10 09:50:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/07/09 09:06:11 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Play Love Story - The Way Home.lnk
[2013/07/09 09:06:11 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/06/08 23:45:31 | 000,707,354 | ---- | C] () -- C:\Windows\unins000.exe
[2013/06/08 23:45:31 | 000,001,529 | ---- | C] () -- C:\Windows\unins000.dat
[2013/06/07 11:33:52 | 000,000,677 | ---- | C] () -- C:\Users\barb\barb - Shortcut.lnk
[2013/03/04 20:30:34 | 000,001,187 | ---- | C] () -- C:\Windows\eReg.dat
[2013/02/15 19:42:59 | 000,221,275 | ---- | C] () -- C:\Windows\hpoins19.dat
[2013/02/15 19:42:58 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2013/02/14 00:48:05 | 000,009,216 | ---- | C] () -- C:\Users\barb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/23 21:30:15 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\lwjgl.dll
[2013/01/23 21:30:15 | 000,031,232 | ---- | C] () -- C:\Windows\SysWow64\jinput-dx8.dll
[2013/01/23 21:30:15 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\jinput-raw.dll
[2013/01/17 20:25:10 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/10/05 11:20:55 | 000,000,024 | ---- | C] () -- C:\Users\barb\random.dat
[2012/10/05 11:20:54 | 000,000,043 | ---- | C] () -- C:\Users\barb\jagex_cl_runescape_LIVE.dat
[2012/10/05 11:20:36 | 000,000,024 | ---- | C] () -- C:\Users\barb\jagexappletviewer.preferences
[2012/09/25 20:19:52 | 000,000,225 | ---- | C] () -- C:\Users\barb\AppData\Roaming\My Profile.xml
[2012/08/26 16:32:04 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/07/05 17:22:26 | 000,003,711 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/23 12:23:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/11 12:01:50 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/11 11:23:14 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/05 09:05:15 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\.minecraft
[2013/06/11 08:42:31 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\.mono
[2013/07/31 10:15:20 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\.technic
[2012/11/12 16:36:20 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\.techniclauncher
[2013/07/03 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\4 Friends Games
[2013/06/27 08:19:04 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\AlawarEntertainment
[2012/10/13 07:10:51 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Artifex Mundi
[2013/01/01 02:03:31 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Awesomium
[2013/04/16 01:04:54 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Barnes & Noble
[2012/09/25 20:58:03 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Blackboard
[2013/03/29 03:23:51 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\BlamGames
[2013/07/08 10:37:36 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\DAEMON Tools Lite
[2013/06/29 10:53:10 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\DarknessII
[2013/05/05 07:11:05 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Elephant Games
[2013/02/02 00:03:49 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Elluminate
[2013/05/06 03:19:00 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\ERS Game Studios
[2013/07/22 20:31:17 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\FileZilla
[2013/05/12 16:44:09 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\ftblauncher
[2012/10/16 05:18:16 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\GameNuttPackages
[2013/07/21 01:09:10 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\IObit
[2013/07/01 10:25:26 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\L.A.Noire
[2012/08/26 17:15:25 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\LolClient
[2013/07/09 09:08:50 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\MediaArt
[2013/07/13 11:19:39 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Natural Selection 2
[2013/01/02 20:47:05 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Need for Speed World
[2013/04/05 19:14:19 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\NeopleLauncherDFO
[2013/07/18 10:53:49 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Notepad++
[2012/08/08 21:16:57 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Oberon Media
[2013/04/15 19:00:54 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Old_Skype
[2012/07/22 16:26:34 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\OverDrive
[2012/09/05 07:32:08 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Philipp Winterberg
[2013/05/04 10:13:12 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Play withSIX
[2013/04/22 18:35:19 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\PrivateTunnel
[2013/03/04 12:32:38 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\raidcall
[2012/11/27 22:47:56 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\RCKR
[2012/08/08 21:19:06 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\ReelDealVampireAdventure
[2013/03/25 14:15:33 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\RenPy
[2013/03/24 00:24:35 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\savedata
[2013/01/06 22:20:40 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Screaming Bee
[2013/05/02 14:05:31 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\SecondLife
[2012/11/22 21:30:51 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\SEGA
[2013/01/10 01:45:13 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\ShopAtHome
[2012/07/08 14:20:10 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\SNS
[2013/01/27 23:42:38 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\SoftGrid Client
[2013/04/09 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\SplitMediaLabs
[2013/06/13 11:10:34 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Spore
[2013/06/27 08:34:54 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Spotify
[2013/06/03 11:28:59 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\TeamViewer
[2013/01/16 19:03:42 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Theta
[2012/07/22 18:48:36 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\TP
[2013/08/05 11:49:12 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\TS3Client
[2012/09/21 16:55:54 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\TuneUp Software
[2013/02/23 21:56:13 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Unity
[2013/08/05 00:02:47 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\uTorrent
[2012/10/20 09:53:31 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Windows Live Writer
[2013/01/26 02:17:26 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012/10/13 10:41:10 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/26 02:17:26 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2012/10/13 10:41:10 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 260 bytes -> C:\ProgramData\Temp:A7C40691
@Alternate Data Stream - 255 bytes -> C:\ProgramData\Temp:B3A5945E
@Alternate Data Stream - 254 bytes -> C:\ProgramData\Temp:3C4BD225
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:997DA6D7
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:CE3AADB7
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:EC3A9923
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:1AC933DC
@Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:F2E92DCD
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9836B5E4
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:00F3978A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8866C899
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:95D421DF
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:4B325725
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:EC752217
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:92BD9737
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:02172F27
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:96372A73
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E3E91030
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:3241739E


< End of report >
 