TechSpot

Possible svchost.exe problem, unsure though.

Solved
By Austin Mahar
Aug 3, 2013
  1. Basically my wireless connection disables itself like once a day. If I try to disable and re-enable the enable will not enable. If I shut down after trying to re-enable it will be an endless "shutting down..." screen. I run in high performance mode and always have the charger plugged in so it's not deactivating because of saving power. I use Advanced System Care Pro 6.3 and Sunbelt's VIPRE. Advanced System Care catches a lot of Registry Errors every day. I went on a Windows site and they wanted me to pay them like $100 dollars to fix the computer and they are also the ones that found some svchost.exe stealth thing in red text on the command prompt. They also found out a lot of services were stopped. I was ignoring the disabling itself and not getting help because it only happened like once a day. Today it happened three times in a row so I have come to look for help. Help me TechSpot! You're my only hope!
     
  2. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    Also I must add that command prompt does flash on the screen for like a second when I get to the desktop after logging into the computer.
     
  3. Broni

    Broni Malware Annihilator Posts: 47,701   +268

    Welcome aboard

    Please complete all steps listed here: http://www.suggest-a-fix.com/index.php?/topic/11-new-malware-posting-guidelines/
    Create new topic here: http://www.suggest-a-fix.com/index....iruses-trojans-spyware-and-browser-hijacking/

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Uninstall Advanced System Care, which may be one of the reasons for your troubles.

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

     
  4. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    I have deleted my Registry Cleaners and made the post on suggest a fix. I will do the Malwarebytes Anti-Malware scan, VIPRE scan, DDS; and give you the logs after I wake up tomorrow. Thanks for the help.
     
  5. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    Also I have the Pro version of Malwarebytes if that helps/makes things worse.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,701   +268

    Just follow my instructions.
    I closed your topic at SAF.
     
  7. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.08.04.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16635
    barb :: BARB-PC [administrator]

    Protection: Enabled

    8/4/2013 2:53:07 PM
    mbam-log-2013-08-04 (14-53-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 225428
    Time elapsed: 13 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www1.delta-search.com/?babsrc=HP_ss&mntrId=4628000078BBA9E1&affID=119351&tsp=4948) Good: (http://www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 12
    C:\Users\barb\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

    Files Detected: 32
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Windows\Installer\17d56e.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Windows\Installer\17d575.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Windows\Installer\17d57c.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Users\barb\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

    (end)
    Mbam Logs ^
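
Added example, not part of the original thread: a small parser for the Malwarebytes log layout posted above that checks each section's declared count against the lines actually pasted, groups detections by family and lists items that were not quarantined. The sample log, its paths, URLs and detection names are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter, namedtuple

# Constructed sample in the layout of a Malwarebytes Anti-Malware 1.x log.
# Paths, URLs and detection names are made up; "Files Detected: 3" is
# deliberately followed by only two lines to mimic a truncated paste.
SAMPLE_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://search.example/?id=1) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 2
C:\ProgramData\ExampleBar (PUP.Optional.ExampleBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ExampleBar\1.0 (PUP.Optional.ExampleBar.A) -> Quarantined and deleted successfully.

Files Detected: 3
C:\ProgramData\ExampleBar\settings.dat (PUP.Optional.ExampleBar.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\0a1b2c.msi (PUP.Optional.ExampleIM) -> No action taken.

(end)
"""

Detection = namedtuple("Detection", "section target name action")

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Non-greedy target so "Program Files (x86)" is not mistaken for the name.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<name>[\w.\-]+)\) -> (?P<rest>.+)$")


def parse_log(text):
    """Return {section: {"declared": int, "items": [Detection, ...]}}."""
    sections, current, current_name = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        header = SECTION_RE.match(line)
        if header:
            current_name = header["section"]
            current = sections.setdefault(
                current_name, {"declared": int(header["count"]), "items": []}
            )
            continue
        item = ITEM_RE.match(line)
        if item and current is not None:
            # Registry data lines carry "Bad: ... Good: ... -> action",
            # so the action is whatever follows the last arrow.
            action = item["rest"].rsplit("-> ", 1)[-1]
            current["items"].append(
                Detection(current_name, item["target"], item["name"], action)
            )
    return sections


def count_mismatches(sections):
    """Sections whose header count differs from the lines present."""
    return {
        name: (sec["declared"], len(sec["items"]))
        for name, sec in sections.items()
        if sec["declared"] != len(sec["items"])
    }


def families(sections):
    """Count detections per family, ignoring a trailing variant letter."""
    counts = Counter()
    for sec in sections.values():
        for det in sec["items"]:
            counts[re.sub(r"\.[A-Z]$", "", det.name)] += 1
    return counts


def not_removed(sections):
    """Detections whose recorded action is not a quarantine."""
    return [
        det
        for sec in sections.values()
        for det in sec["items"]
        if not det.action.startswith("Quarantined")
    ]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(parsed))
    print("families:", dict(families(parsed)))
    for det in not_removed(parsed):
        print("needs follow-up:", det.target, det.name, det.action)
```

A count mismatch usually means the paste was cut off, so the full log should be requested before drawing conclusions from it.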
     
  8. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
    Run by barb at 17:09:41 on 2013-08-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3602 [GMT -4:00]
    .
    AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
    FW: Sunbelt VIPRE *Enabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
    C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
    C:\Users\barb\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Users\barb\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\sc.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=TJ&userid=686bf4f2-e811-4f5e-8d2e-f532f02cbe03&searchtype=ds&q={searchTerms}&installDate=22/06/2013
    uSearch Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=TJ&userid=686bf4f2-e811-4f5e-8d2e-f532f02cbe03&searchtype=ds&q={searchTerms}&installDate=22/06/2013
    uSearchAssistant = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=TJ&userid=686bf4f2-e811-4f5e-8d2e-f532f02cbe03&searchtype=ds&q={searchTerms}&installDate=22/06/2013
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Akamai NetSession Interface] "C:\Users\barb\AppData\Local\Akamai\netsession_win.exe"
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{A2842DCA-53DF-4CB7-AD33-52F4A3AD0778} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{A2842DCA-53DF-4CB7-AD33-52F4A3AD0778}\7756374756C6C663930313 : DHCPNameServer = 10.0.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - <Clsid value has no data>
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe"
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - <Clsid value has no data>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\barb\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\barb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\barb\AppData\Roaming\raidcall\plugins\nprcplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-07-18 18:34; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2013-07-26 18:08; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    FF - ExtSQL: !HIDDEN! 2013-02-15 18:51; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 4628cb59000000000000000078bba9e1
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15905
    FF - user.js: extensions.delta.vrsn - 1.8.21.5
    FF - user.js: extensions.delta.vrsni - 1.8.21.5
    FF - user.js: extensions.delta.vrsnTs - 1.8.21.59:54:10
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4948
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2013-7-21 37472]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-5-4 39768]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-4 283200]
    R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2013-7-18 253528]
    R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2013-7-18 55384]
    R1 SbTis;SbTis;C:\Windows\System32\drivers\sbtis.sys [2013-7-18 94296]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-11 204288]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-11 353360]
    R2 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-6-23 872552]
    R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-8-11 244624]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-3 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-3 701512]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-5-11 72280]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-21 96768]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-8-11 142632]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-11 77424]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-3 25928]
    R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2013-7-18 84568]
    R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-23 47232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; [x]
    S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2013-7-15 21656]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-10 19456]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-8-11 250984]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2011-8-11 1142376]
    S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2013-7-18 84568]
    S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2013-7-18 60504]
    S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-20 42184]
    S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-10 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-10 30208]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2012-12-15 21504]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
    .
    =============== Created Last 30 ================
    .
    2013-08-04 03:20:39  --------  d-----w-  C:\Program Files\CCleaner
    2013-08-04 03:13:53  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2013-08-04 03:13:53  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-08-04 00:06:19  --------  d-----w-  C:\Users\barb\AppData\Local\Akamai
    2013-08-04 00:06:14  --------  d-----w-  C:\AeriaGames
    2013-08-03 16:47:00  --------  d-----w-  C:\Program Files (x86)\WB Games
    2013-08-02 21:13:01  --------  d-----w-  C:\ProgramData\BlueStacksSetup
    2013-07-29 12:58:50  --------  d-----w-  C:\Users\barb\AppData\Local\LogMeIn Hamachi
    2013-07-27 16:54:57  --------  d-----w-  C:\Users\barb\AppData\Local\PAYDAY 2
    2013-07-26 15:30:29  --------  d-----w-  C:\Users\barb\AppData\Local\PAYDAY
    2013-07-23 17:00:58  --------  d-----w-  C:\GOG Games
    2013-07-22 14:44:58  --------  d-----w-  C:\MATS
    2013-07-21 20:50:13  --------  d-----w-  C:\Users\barb\AppData\Roaming\Malwarebytes
    2013-07-21 20:50:00  --------  d-----w-  C:\ProgramData\Malwarebytes
    2013-07-21 17:46:12  --------  d-----w-  C:\Windows\System32\MRT
    2013-07-21 14:35:58  --------  d-----w-  C:\Program Files (x86)\SecondLifeViewer
    2013-07-21 05:13:29  96768  ----a-w-  C:\Windows\System32\drivers\AtihdW76.sys
    2013-07-21 05:13:29  110080  ----a-w-  C:\Windows\System32\DelayAPO.dll
    2013-07-21 05:13:19  37472  ----a-w-  C:\Windows\System32\drivers\amdkmpfd.sys
    2013-07-20 14:15:53  --------  d-----w-  C:\Users\barb\AppData\Local\{CD0A2B13-45F3-4ADE-B707-D487D2108FBD}
    2013-07-19 13:54:27  --------  d-----w-  C:\ProgramData\BrowserDefender
    2013-07-19 13:54:10  --------  d-----w-  C:\ProgramData\Pivot Animator
    2013-07-19 13:53:44  --------  d-----w-  C:\Program Files (x86)\Safe Saver
    2013-07-19 13:53:22  --------  d-----w-  C:\Program Files (x86)\Pivot Animator
    2013-07-19 01:09:24  --------  d-----w-  C:\Users\barb\AppData\Roaming\Sunbelt
    2013-07-19 01:09:24  --------  d-----w-  C:\ProgramData\Sunbelt
    2013-07-19 01:08:43  60504  ----a-w-  C:\Windows\System32\drivers\sbhips.sys
    2013-07-19 01:08:42  94296  ----a-w-  C:\Windows\System32\drivers\sbtis.sys
    2013-07-19 01:08:25  84568  ----a-w-  C:\Windows\System32\drivers\SbFwIm.sys
    2013-07-19 01:08:24  253528  ----a-w-  C:\Windows\System32\drivers\SbFw.sys
    2013-07-19 01:08:23  55384  ----a-w-  C:\Windows\System32\drivers\sbredrv.sys
    2013-07-19 01:08:23  45904  ----a-w-  C:\Windows\System32\sbbd.exe
    2013-07-19 01:08:21  --------  d-----w-  C:\Program Files (x86)\Sunbelt Software
    2013-07-19 01:05:16  --------  d-----w-  C:\Users\barb\AppData\Local\Avg2013
    2013-07-18 19:45:54  3  ----a-w-  C:\Users\barb\AppData\Roaming\ispnetkey.dll
    2013-07-18 19:45:54  --------  d-----w-  C:\ProgramData\KeyExtender
    2013-07-18 15:58:40  --------  d-----w-  C:\Users\barb\AppData\Local\{A6B9B7AC-8CDE-4C69-B7DB-BF70F6EBADC2}
    2013-07-15 15:12:49  21656  ----a-w-  C:\Windows\System32\drivers\evolve.sys
    2013-07-15 15:12:42  --------  d-----w-  C:\Program Files\Echobit
    2013-07-15 15:10:41  --------  d-----w-  C:\ProgramData\Echobit
    2013-07-15 15:10:38  --------  d-----w-  C:\Users\barb\AppData\Local\Echobit
    2013-07-15 10:46:39  96168  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-15 03:21:31  --------  d-----w-  C:\Program Files (x86)\osu!
    2013-07-12 12:40:14  --------  d-----w-  C:\Users\barb\AppData\Local\My Games
    2013-07-10 16:35:05  --------  d-----w-  C:\Users\barb\AppData\Roaming\Natural Selection 2
    2013-07-10 14:06:45  --------  d-----w-  C:\Users\barb\AppData\Local\CrashRpt
    2013-07-10 13:50:46  282512  ----a-w-  C:\Windows\SysWow64\PnkBstrB.exe
    2013-07-10 13:50:42  76888  ----a-w-  C:\Windows\SysWow64\PnkBstrA.exe
    2013-07-10 13:44:14  --------  d-----w-  C:\Program Files (x86)\Microsoft Chart Controls
    2013-07-10 01:59:29  9216  ----a-w-  C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
    2013-07-10 01:59:29  571904  ----a-w-  C:\Program Files\Windows Defender\MpClient.dll
    2013-07-10 01:59:29  54784  ----a-w-  C:\Program Files (x86)\Windows Defender\MpOAV.dll
    2013-07-10 01:59:29  4608  ----a-w-  C:\Program Files (x86)\Windows Defender\MsMpLics.dll
    2013-07-10 01:59:29  392704  ----a-w-  C:\Program Files (x86)\Windows Defender\MpClient.dll
    2013-07-10 01:59:29  314880  ----a-w-  C:\Program Files\Windows Defender\MpCommu.dll
    2013-07-10 01:59:29  1011712  ----a-w-  C:\Program Files\Windows Defender\MpSvc.dll
    2013-07-10 01:57:59  701952  ----a-w-  C:\Program Files\Internet Explorer\ieproxy.dll
    2013-07-10 01:56:40  624128  ----a-w-  C:\Windows\System32\qedit.dll
    2013-07-10 01:56:40  509440  ----a-w-  C:\Windows\SysWow64\qedit.dll
    2013-07-10 01:48:39  1732608  ----a-w-  C:\Program Files\Windows Journal\NBDoc.DLL
    2013-07-10 01:48:39  1402880  ----a-w-  C:\Program Files\Windows Journal\JNWDRV.dll
    2013-07-10 01:48:39  1393152  ----a-w-  C:\Program Files\Windows Journal\JNTFiltr.dll
    2013-07-10 01:48:38  936448  ----a-w-  C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-10 01:48:38  1367040  ----a-w-  C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-10 01:48:13  1887744  ----a-w-  C:\Windows\System32\WMVDECOD.DLL
    2013-07-10 01:48:13  1620480  ----a-w-  C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-10 01:48:00  1643520  ----a-w-  C:\Windows\System32\DWrite.dll
    2013-07-10 01:48:00  1247744  ----a-w-  C:\Windows\SysWow64\DWrite.dll
    2013-07-09 13:08:50  --------  d-----w-  C:\Users\barb\AppData\Roaming\MediaArt
    2013-07-09 13:08:50  --------  d-----w-  C:\ProgramData\MediaArt
    2013-07-09 13:04:47  --------  d-----w-  C:\Program Files (x86)\Love Story - The Way Home
    2013-07-09 11:59:10  --------  d-----w-  C:\Users\barb\AppData\Local\Big Fish
    2013-07-09 11:59:09  --------  d-----w-  C:\BigFishCache
    2013-07-08 14:50:16  --------  d-----w-  C:\Users\barb\AppData\Local\Skyrim
    2013-07-06 23:27:33  --------  d-----w-  C:\Program Files (x86)\TERA
    2013-07-06 23:27:28  --------  d-----w-  C:\Users\barb\AppData\Local\TERA
    2013-07-06 17:57:24  --------  d-----w-  C:\Program Files (x86)\2K Games
    2013-07-06 14:35:19  --------  d-----w-  C:\Program Files (x86)\FTL
    .
    ==================== Find3M ====================
    .
    2013-07-25 02:11:58  71048  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-25 02:11:58  692104  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-07-15 10:46:30  867240  ----a-w-  C:\Windows\SysWow64\npdeployJava1.dll
    2013-07-15 10:46:30  789416  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
    2013-07-10 14:15:42  281032  ----a-w-  C:\Windows\SysWow64\PnkBstrB.xtr
    2013-07-10 14:12:42  281032  ----a-w-  C:\Windows\SysWow64\PnkBstrB.ex0
    2013-07-10 01:58:49  3153920  ----a-w-  C:\Windows\System32\win32k.sys
    2013-07-10 01:58:03  2706432  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2013-07-10 01:58:03  2706432  ----a-w-  C:\Windows\System32\mshtml.tlb
    2013-07-10 01:58:02  67072  ----a-w-  C:\Windows\System32\iesetup.dll
    2013-07-10 01:58:02  61440  ----a-w-  C:\Windows\SysWow64\iesetup.dll
    2013-07-10 01:58:01  2877440  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2013-07-10 01:58:00  3958784  ----a-w-  C:\Windows\System32\jscript9.dll
    2013-07-10 01:58:00  2241024  ----a-w-  C:\Windows\System32\wininet.dll
    2013-07-10 01:58:00  1767936  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2013-07-10 01:57:57  136704  ----a-w-  C:\Windows\System32\iesysprep.dll
    2013-07-10 01:57:57  109056  ----a-w-  C:\Windows\SysWow64\iesysprep.dll
    2013-07-10 01:57:53  89600  ----a-w-  C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-10 01:57:53  71680  ----a-w-  C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-06-21 01:09:46  42184  ----a-w-  C:\Windows\System32\drivers\taphss6.sys
    2013-06-12 18:15:44  9089416  ----a-w-  C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2013-06-11 19:00:03  1910632  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
    2013-06-11 18:59:46  751104  ----a-w-  C:\Windows\System32\win32spl.dll
    2013-06-11 18:59:46  492544  ----a-w-  C:\Windows\SysWow64\win32spl.dll
    2013-06-11 18:59:22  30720  ----a-w-  C:\Windows\System32\cryptdlg.dll
    2013-06-11 18:59:22  24576  ----a-w-  C:\Windows\SysWow64\cryptdlg.dll
    2013-06-11 18:58:40  1887232  ----a-w-  C:\Windows\System32\d3d11.dll
    2013-06-11 18:58:40  1505280  ----a-w-  C:\Windows\SysWow64\d3d11.dll
    2013-06-11 18:58:25  1424384  ----a-w-  C:\Windows\System32\WindowsCodecs.dll
    2013-06-11 18:58:25  1230336  ----a-w-  C:\Windows\SysWow64\WindowsCodecs.dll
    2013-06-11 18:57:55  903168  ----a-w-  C:\Windows\SysWow64\certutil.exe
    2013-06-11 18:57:55  52224  ----a-w-  C:\Windows\System32\certenc.dll
    2013-06-11 18:57:55  43008  ----a-w-  C:\Windows\SysWow64\certenc.dll
    2013-06-11 18:57:55  1464320  ----a-w-  C:\Windows\System32\crypt32.dll
    2013-06-11 18:57:55  1192448  ----a-w-  C:\Windows\System32\certutil.exe
    2013-06-11 18:57:55  1160192  ----a-w-  C:\Windows\SysWow64\crypt32.dll
    2013-06-11 18:57:54  184320  ----a-w-  C:\Windows\System32\cryptsvc.dll
    2013-06-11 18:57:54  140288  ----a-w-  C:\Windows\SysWow64\cryptsvc.dll
    2013-06-11 18:57:54  139776  ----a-w-  C:\Windows\System32\cryptnet.dll
    2013-06-11 18:57:54  103936  ----a-w-  C:\Windows\SysWow64\cryptnet.dll
    2013-06-09 03:45:29  707354  ----a-w-  C:\Windows\unins000.exe
    2013-05-10 16:01:41  275360  ----a-w-  C:\Windows\System32\DreamScene.dll
    2013-05-10 04:43:13  275360  ----a-w-  C:\Windows\System32\DreamScene.dll.9641
    .
    ============= FINISH: 17:12:23.65 ===============
    DDS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     
  9. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/23/2012 9:53:50 AM
    System Uptime: 8/4/2013 5:05:21 PM (0 hours ago)
    .
    Motherboard: Gateway | | SJV70-SB
    Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | Socket FS1 | 1400/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 123.398 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 465.653 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: Avnex Virtual Audio Device
    Device ID: ROOT\MEDIA\0000
    Manufacturer: AVNEX Ltd.
    Name: Avnex Virtual Audio Device
    PNP Device ID: ROOT\MEDIA\0000
    Service: VCSVADHWSer
    .
    ==== System Restore Points ===================
    .
    RP218: 7/30/2013 1:08:15 PM - Installed DirectX
    RP219: 8/2/2013 10:33:45 AM - Installed osu!
    RP220: 8/2/2013 5:55:10 PM - Removed BlueStacks Notification Center
    RP221: 8/3/2013 5:35:54 PM - Removed LogMeIn Hamachi
    .
    ==== Installed Programs ======================
    .
    µTorrent
    1400
    1400_Help
    1400Trb
    64 Bit HP CIO Components Installer
    Ace of Spades
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.7)
    Agatha Christie - Death on the Nile
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    Akamai NetSession Interface
    AMD APP SDK Runtime
    AMD System Monitor
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Application Profiles
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    ATI Catalyst Install Manager
    AviSynth 2.5
    Backup Manager V3
    Bandisoft MPEG-1 Decoder
    Bejeweled 2 Deluxe
    Big Fish Games: Game Manager
    Bonjour
    Borderlands 2
    BufferChm
    Build-a-lot 4 - Power Source
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Chronicles of Albian
    Chuzzle Deluxe
    cleosviproom
    Comic Sound Pack
    Copy
    Counter-Strike: Source
    Cradle of Rome 2
    D3DX10
    DAEMON Tools Lite
    Dead Island
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    Destinations
    DeviceDiscovery
    Dishonored
    DocProc
    Dora's World Adventure
    DreamScene Seven version 1.6
    eBay Worldwide
    ETDWare PS/2-X64 8.0.6.3_WHQL
    Euro Truck Simulator 2
    European Mystery: Scent of Desire Collector’s Edition
    ExamGuard
    F.lux
    Facebook Video Calling 1.2.0.287
    Fairway ™ Collector's Edition
    Far Cry® 3
    FATE: The Cursed King
    Fax
    ffdshow v1.2.4496 [2012-12-13]
    Fierce Tales: The Dog's Heart Collector's Edition
    FileZilla Client 3.7.1.1
    Final Drive: Nitro
    Fraps (remove only)
    FTL version 1.03.1
    Galerie de photos Windows Live
    Game Dev Tycoon v1.3.9
    Garry's Mod
    Gateway Games
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    Gateway Registration
    Gateway ScreenSaver
    Gateway Social Networks
    Gateway Updater
    Google Chrome
    Google Update Helper
    Governor of Poker 2 Premium Edition
    GPBaseService2
    gpedt.msc 1.0
    Grand Theft Auto IV
    Haali Media Splitter
    Half-Life 2
    Half-Life 2: Episode One
    Half-Life: Opposing Force
    Hotline Miami
    House of 1000 Doors: Serpent Flame Collector's Edition
    HP Customer Participation Program 13.0
    HP Imaging Device Functions 13.0
    HP Photosmart Essential 3.5
    HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    Identity Card
    Internet Explorer Toolbar 4.6 by SweetPacks
    iTunes
    J2SE Runtime Environment 5.0
    Java 7 Update 25
    Java Auto Updater
    Java(TM) 7 (64-bit)
    Jewel Match 3
    Jewel Quest
    Junk Mail filter update
    L.A.Noire
    Launch Manager
    League of Legends
    Living Legends: Frozen Beauty Collector's Edition
    LogMeIn Hamachi
    Love Story: The Way Home
    Mabinogi
    Maestro: Music from the Void Collector's Edition
    Malwarebytes Anti-Malware version 1.75.0.1300
    MapleStory
    MarketResearch
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office PowerPoint 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft PowerPoint 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Word 2010
    Microsoft WSE 3.0 Runtime
    MorphVOX Pro
    Mozilla Firefox 22.0 (x86 en-US)
    Mozilla Maintenance Service
    MPC-HC 1.6.5.6366 (64-bit)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Case Files®: Shadow Lake Collector's Edition
    Mystery of Mortlake Mansion
    Mystery Trackers: Four Aces Collector's Edition
    Natural Selection 2
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero Multimedia Suite 10 Essentials
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    Network64
    Nexon Game Manager
    Nightmares from the Deep: The Cursed Heart Collector's Edition
    NOOK for PC
    Norton Online Backup
    Notepad++
    NVIDIA PhysX
    OCR Software by I.R.I.S. 13.0
    osu!
    OverDrive Media Console
    Pando Media Booster
    PAYDAY 2 Beta
    PAYDAY: The Heist
    Penguins!
    Pivot Animator version 4.1.9
    PlanetSide 2
    Plants vs. Zombies - Game of the Year
    Play withSIX
    Polar Bowler
    Polar Golfer
    Primal Carnage
    PunkBuster Services
    RaidCall
    Razer Game Booster
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    ReClock
    Redemption Cemetery: Grave Testimony Collector’s Edition
    Redemption Cemetery: Salvation of the Lost Collector's Edition
    Revo Uninstaller 1.94
    Rising Storm/Red Orchestra 2 Multiplayer
    Rockstar Games Social Club
    Rusty Hearts PWE
    Safe Saver
    Saints Row: The Third
    Scan
    Scribblenauts Unlimited
    SecondLifeViewer (remove only)
    Secrets of the Dark: Eclipse Mountain Collector's Edition
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687276) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
    Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
    SelectionLinks
    Seven Seas Solitaire
    Shop for HP Supplies
    Sid Meier's Civilization V
    Skype Click to Call
    Skype™ 6.6
    Slot Quest - The Vampire Lord
    Slots Inferno
    SmartWebPrinting
    SolutionCenter
    SPORE™
    Spotify
    Status
    Steam
    Surface: The Soaring City Collector's Edition
    SweetIM for Messenger 3.7
    TeamSpeak 3 Client
    TERA
    The Binding of Isaac
    The Elder Scrolls V: Skyrim
    The Lake House: Children of Silence
    The Sims™ 3 Diesel Stuff
    The Sims™ 3 Seasons
    The Sims™ 3 Town Life Stuff
    Times Reader
    Toolbox
    Torchlight
    Translator Fun Voice Pack
    TrayApp
    Unity Web Player
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
    Update Installer for WildTangent Games App
    Update Manager for SweetPacks 1.0
    Uplay
    VC80CRTRedist - 8.0.50727.6195
    Ventrilo Client for Windows x64
    Video Web Camera
    VIPRE Antivirus Premium
    Virtual Villagers 5 - New Believers
    Visual Studio 2010 x64 Redistributables
    WebReg
    Welcome Center
    WildTangent Games App (Gateway Games)
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.20 (64-bit)
    XSplit
    Yontoo 1.10.02
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/4/2013 7:46:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
    8/4/2013 5:06:19 PM, Error: Service Control Manager [7000] - The vToolbarUpdater15.0.1 service failed to start due to the following error: The system cannot find the path specified.
    8/4/2013 5:06:10 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The system cannot find the path specified.
    8/4/2013 10:55:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    8/4/2013 10:54:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
    8/4/2013 10:54:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
    8/4/2013 10:53:56 AM, Error: Service Control Manager [7022] - The VIPRE Antivirus Premium service hung on starting.
    8/4/2013 10:53:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    8/4/2013 10:53:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
    8/4/2013 10:50:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    8/4/2013 10:50:12 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/4/2013 10:48:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    8/4/2013 10:48:24 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/4/2013 10:46:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Nero Update service to connect.
    8/4/2013 10:44:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    8/4/2013 10:44:19 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/4/2013 10:44:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SBAMSvc service.
    8/4/2013 10:42:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
    8/4/2013 10:41:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    8/4/2013 10:36:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    8/4/2013 10:36:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
    8/4/2013 10:29:11 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8006138a10, 0xfffff800043e2518, 0xfffffa800639cc60). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080413-46363-01.
    8/3/2013 6:02:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    8/3/2013 6:01:37 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    8/3/2013 6:01:37 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
    8/3/2013 5:37:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
    8/3/2013 5:37:07 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/3/2013 10:58:54 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s).
    8/1/2013 10:04:49 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    .
    ==== End Of File ===========================
    Attach ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^6
     
  10. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    Lastly I'll add that VIPRE only got a single adware.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,701   +268

    Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
     
  12. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    I ran Rogue Killer twice as I had applications closed and memory told me to run it twice when in fact I was supposed to run MBAR twice, which I also did. These are the Rogue Killer logs I have.


    RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : barb [Admin rights]
    Mode : Scan -- Date : 08/04/2013 19:07:52
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 7 ¤¤¤
    [V1][ROGUE ST] Safe Saver-firefoxinstaller.job : C:\Program Files (x86)\Safe Saver\Safe Saver-firefoxinstaller.exe - /installxpi /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.xpi' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com /extensionversion=0.91 /prefsbranch=a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33254.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x][x] -> FOUND
    [V1][ROGUE ST] Safe Saver-chromeinstaller.job : C:\Program Files (x86)\Safe Saver\Safe Saver-chromeinstaller.exe - /installcrx /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.crx' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=mehnejgknjfgfdmijlaloodhdgnbgdgn /extensionversion=1.23.29 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh8zr3vZG2sEyTC0s09rpLQje4YuZMMcPUWbgJ8HLXy085wOJzhmtrMQzxRhBa9NGavjCnLFH9h6NTZnpKa317RRUFOVrat+pOLMxCox+qPZgLyHgk91mjc/6MjTnesAmSt9BKY4egsqAuIxOiE+kX6vDyqXceiz/QXQKhg4WqSQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x] -> FOUND
    [V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
    [V2][ROGUE ST] 4588 : wscript.exe - C:\Users\barb\AppData\Local\Temp\launchie.vbs //B -> FOUND
    [V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
    [V2][ROGUE ST] Safe Saver-chromeinstaller : C:\Program Files (x86)\Safe Saver\Safe Saver-chromeinstaller.exe - /installcrx /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.crx' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=mehnejgknjfgfdmijlaloodhdgnbgdgn /extensionversion=1.23.29 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh8zr3vZG2sEyTC0s09rpLQje4YuZMMcPUWbgJ8HLXy085wOJzhmtrMQzxRhBa9NGavjCnLFH9h6NTZnpKa317RRUFOVrat+pOLMxCox+qPZgLyHgk91mjc/6MjTnesAmSt9BKY4egsqAuIxOiE+kX6vDyqXceiz/QXQKhg4WqSQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x] -> FOUND
    [V2][ROGUE ST] Safe Saver-firefoxinstaller : C:\Program Files (x86)\Safe Saver\Safe Saver-firefoxinstaller.exe - /installxpi /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.xpi' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com /extensionversion=0.91 /prefsbranch=a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33254.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x][x] -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 support.leagueoflegends.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 ATA Device +++++
    --- User ---
    [MBR] a42d33275e2634a2505887232733fcd7
    [BSP] e022f3aef868e037529804933c79e494 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD5000BPVT-22HXZT3 ATA Device +++++


    RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : barb [Admin rights]
    Mode : Remove -- Date : 08/04/2013 19:11:30
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 7 ¤¤¤
    [V1][ROGUE ST] Safe Saver-firefoxinstaller.job : C:\Program Files (x86)\Safe Saver\Safe Saver-firefoxinstaller.exe - /installxpi /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.xpi' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com /extensionversion=0.91 /prefsbranch=a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33254.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x][x] -> DELETED
    [V1][ROGUE ST] Safe Saver-chromeinstaller.job : C:\Program Files (x86)\Safe Saver\Safe Saver-chromeinstaller.exe - /installcrx /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.crx' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=mehnejgknjfgfdmijlaloodhdgnbgdgn /extensionversion=1.23.29 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh8zr3vZG2sEyTC0s09rpLQje4YuZMMcPUWbgJ8HLXy085wOJzhmtrMQzxRhBa9NGavjCnLFH9h6NTZnpKa317RRUFOVrat+pOLMxCox+qPZgLyHgk91mjc/6MjTnesAmSt9BKY4egsqAuIxOiE+kX6vDyqXceiz/QXQKhg4WqSQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x] -> DELETED
    [V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED
    [V2][ROGUE ST] 4588 : wscript.exe - C:\Users\barb\AppData\Local\Temp\launchie.vbs //B -> DELETED
    [V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> ERROR DELETING TASK
    [V2][ROGUE ST] Safe Saver-chromeinstaller : C:\Program Files (x86)\Safe Saver\Safe Saver-chromeinstaller.exe - /installcrx /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.crx' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=mehnejgknjfgfdmijlaloodhdgnbgdgn /extensionversion=1.23.29 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh8zr3vZG2sEyTC0s09rpLQje4YuZMMcPUWbgJ8HLXy085wOJzhmtrMQzxRhBa9NGavjCnLFH9h6NTZnpKa317RRUFOVrat+pOLMxCox+qPZgLyHgk91mjc/6MjTnesAmSt9BKY4egsqAuIxOiE+kX6vDyqXceiz/QXQKhg4WqSQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x] -> ERROR DELETING TASK
    [V2][ROGUE ST] Safe Saver-firefoxinstaller : C:\Program Files (x86)\Safe Saver\Safe Saver-firefoxinstaller.exe - /installxpi /agentregpath='Safe Saver' /extensionfilepath='C:\Program Files (x86)\Safe Saver\33254.xpi' /appid=33254 /srcid='000198' /subid='0' /zdata='0' /bic=CCCAF07341AC4BCFA3C529B88639D2AAIE /verifier=345a69e40f98ae15b390783aa8e5b1b9 /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1374242018 /statsdomain=hxxp://stats.statsdatasrv.com /errorsdomain=hxxp://errors.statsdatasrv.com /waitforbrowser=300 /extensionid=588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com /extensionversion=0.91 /prefsbranch=a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33254.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x][x] -> ERROR DELETING TASK

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 support.leagueoflegends.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 ATA Device +++++
    --- User ---
    [MBR] a42d33275e2634a2505887232733fcd7
    [BSP] e022f3aef868e037529804933c79e494 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD5000BPVT-22HXZT3 ATA Device +++++
    --- User ---
    [MBR] 2b3ececb0af104c1db147dc39f36473f
    [BSP] 73a0540af52ba32a36713747d032a552 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_08042013_191130.txt >>
    RKreport[0]_S_08042013_190752.txt


    RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : barb [Admin rights]
    Mode : Scan -- Date : 08/04/2013 19:16:34
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 support.leagueoflegends.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 ATA Device +++++
    --- User ---
    [MBR] a42d33275e2634a2505887232733fcd7
    [BSP] e022f3aef868e037529804933c79e494 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD5000BPVT-22HXZT3 ATA Device +++++
    --- User ---
    [MBR] 2b3ececb0af104c1db147dc39f36473f
    [BSP] 73a0540af52ba32a36713747d032a552 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_08042013_191634.txt >>
    RKreport[0]_D_08042013_191130.txt;RKreport[0]_S_08042013_190752.txt


    The RK_Quarantine Folder has 2 HKEY local machine software micro...'s
    Physical Drive0_User.dat
    PhysicalDrive1_user.dat
    and the rogue killer configuration settings
     
  13. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    Also MBAR found no malware and said no cleanup was required.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,701   +268

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  15. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    ComboFix 13-08-04.01 - barb 08/04/2013 22:03:17.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.4197 [GMT -4:00]
    Running from: c:\users\barb\Desktop\ComboFix.exe
    AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
    FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
    SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\barb\AppData\Local\assembly\tmp
    c:\users\barb\AppData\Local\Temp\wrd-15f4-17e8-980984.~lk\0.mdd
    c:\users\barb\AppData\Local\Temp\wrd-15f4-17e8-980984.~lk\1.mdd
    c:\users\barb\AppData\Local\Temp\wrd-15f4-17e8-980984.~lk\2.mdd
    c:\users\barb\AppData\Local\Temp\wrd-15f4-17e8-980984.~lk\3.mdd
    c:\users\barb\AppData\Roaming\ispnetkey.dll
    c:\windows\SysWow64\d3dx10_43.dll.tmp
    c:\windows\SysWow64\frapsvid.dll
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-07-05 to 2013-08-05 )))))))))))))))))))))))))))))))
    .
    .
    2013-08-05 02:15 . 2013-08-05 02:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-08-04 23:27 . 2013-08-05 00:03 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-08-04 03:20 . 2013-08-04 03:22 -------- d-----w- c:\program files\CCleaner
    2013-08-04 03:13 . 2013-08-04 03:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-08-04 03:13 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-08-04 00:06 . 2013-08-04 00:09 -------- d-----w- c:\users\barb\AppData\Local\Akamai
    2013-08-04 00:06 . 2013-08-04 00:06 -------- d-----w- C:\AeriaGames
    2013-08-03 16:47 . 2013-08-03 16:47 -------- d-----w- c:\program files (x86)\WB Games
    2013-08-02 21:13 . 2013-08-02 21:16 -------- d-----w- c:\programdata\BlueStacksSetup
    2013-07-29 12:58 . 2013-08-03 20:15 -------- d-----w- c:\users\barb\AppData\Local\LogMeIn Hamachi
    2013-07-27 16:56 . 2013-07-27 16:56 -------- d-----w- c:\program files (x86)\AGEIA Technologies
    2013-07-27 16:54 . 2013-07-28 15:35 -------- d-----w- c:\users\barb\AppData\Local\PAYDAY 2
    2013-07-26 15:30 . 2013-07-26 15:30 -------- d-----w- c:\users\barb\AppData\Local\PAYDAY
    2013-07-23 17:00 . 2013-07-23 17:00 -------- d-----w- C:\GOG Games
    2013-07-22 14:44 . 2013-07-22 14:44 -------- d-----w- C:\MATS
    2013-07-21 20:50 . 2013-07-21 20:50 -------- d-----w- c:\users\barb\AppData\Roaming\Malwarebytes
    2013-07-21 20:50 . 2013-07-21 20:50 -------- d-----w- c:\programdata\Malwarebytes
    2013-07-21 17:46 . 2013-07-21 17:54 -------- d-----w- c:\windows\system32\MRT
    2013-07-21 14:35 . 2013-07-21 14:36 -------- d-----w- c:\program files (x86)\SecondLifeViewer
    2013-07-21 05:13 . 2013-02-14 23:41 96768 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
    2013-07-21 05:13 . 2013-02-14 23:40 110080 ----a-w- c:\windows\system32\DelayAPO.dll
    2013-07-21 05:13 . 2013-02-14 12:33 37472 ----a-w- c:\windows\system32\drivers\amdkmpfd.sys
    2013-07-19 13:54 . 2013-08-04 19:08 -------- d-----w- c:\programdata\BrowserDefender
    2013-07-19 13:54 . 2013-07-19 13:54 -------- d-----w- c:\programdata\Pivot Animator
    2013-07-19 13:53 . 2013-08-03 20:38 -------- d-----w- c:\program files (x86)\Safe Saver
    2013-07-19 13:53 . 2013-07-19 13:53 -------- d-----w- c:\program files (x86)\Pivot Animator
    2013-07-19 01:09 . 2013-07-19 01:09 -------- d-----w- c:\users\barb\AppData\Roaming\Sunbelt
    2013-07-19 01:09 . 2013-07-19 01:09 -------- d-----w- c:\programdata\Sunbelt
    2013-07-19 01:08 . 2011-04-05 21:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2013-07-19 01:08 . 2011-04-05 21:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
    2013-07-19 01:08 . 2011-02-08 13:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
    2013-07-19 01:08 . 2011-04-05 21:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
    2013-07-19 01:08 . 2011-05-11 20:55 45904 ----a-w- c:\windows\system32\sbbd.exe
    2013-07-19 01:08 . 2011-04-29 18:15 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys
    2013-07-19 01:08 . 2013-07-19 01:08 -------- d-----w- c:\program files (x86)\Sunbelt Software
    2013-07-19 01:05 . 2013-07-19 01:06 -------- d-----w- c:\users\barb\AppData\Local\Avg2013
    2013-07-18 22:30 . 2013-07-18 22:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2013-07-18 19:45 . 2013-07-18 19:45 -------- d-----w- c:\programdata\KeyExtender
    2013-07-18 14:53 . 2013-07-18 14:53 -------- d-----w- c:\users\barb\AppData\Roaming\Notepad++
    2013-07-18 14:53 . 2013-07-18 14:53 -------- d-----w- c:\program files (x86)\Notepad++
    2013-07-15 15:12 . 2013-07-15 15:12 21656 ----a-w- c:\windows\system32\drivers\evolve.sys
    2013-07-15 15:12 . 2013-07-15 15:12 -------- d-----w- c:\program files\Echobit
    2013-07-15 15:10 . 2013-07-15 15:10 -------- d-----w- c:\programdata\Echobit
    2013-07-15 15:10 . 2013-07-15 15:10 -------- d-----w- c:\users\barb\AppData\Local\Echobit
    2013-07-15 10:46 . 2013-07-15 10:46 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-15 03:21 . 2013-08-02 22:11 -------- d-----w- c:\program files (x86)\osu!
    2013-07-13 17:33 . 2013-07-18 23:50 -------- d-----w- c:\users\fbwuser
    2013-07-13 17:32 . 2013-07-23 00:31 -------- d-----w- c:\users\barb\AppData\Roaming\FileZilla
    2013-07-13 17:32 . 2013-07-13 17:32 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
    2013-07-12 12:40 . 2013-07-12 12:40 -------- d-----w- c:\users\barb\AppData\Local\My Games
    2013-07-10 16:35 . 2013-07-13 15:19 -------- d-----w- c:\users\barb\AppData\Roaming\Natural Selection 2
    2013-07-10 14:06 . 2013-07-10 14:06 -------- d-----w- c:\users\barb\AppData\Local\CrashRpt
    2013-07-10 13:50 . 2013-07-13 11:32 282512 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-07-10 13:50 . 2013-07-13 11:32 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2013-07-10 13:44 . 2013-07-10 13:44 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
    2013-07-10 01:59 . 2013-07-10 01:59 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
    2013-07-10 01:59 . 2013-07-10 01:59 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
    2013-07-10 01:59 . 2013-07-10 01:59 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
    2013-07-10 01:59 . 2013-07-10 01:59 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
    2013-07-10 01:59 . 2013-07-10 01:59 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
    2013-07-10 01:59 . 2013-07-10 01:59 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
    2013-07-10 01:59 . 2013-07-10 01:59 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
    2013-07-10 01:57 . 2013-07-10 01:57 701952 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
    2013-07-10 01:56 . 2013-07-10 01:56 624128 ----a-w- c:\windows\system32\qedit.dll
    2013-07-10 01:56 . 2013-07-10 01:56 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2013-07-10 01:48 . 2013-07-10 01:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2013-07-10 01:48 . 2013-07-10 01:48 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2013-07-10 01:48 . 2013-07-10 01:48 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2013-07-10 01:48 . 2013-07-10 01:48 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-10 01:48 . 2013-07-10 01:48 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-10 01:48 . 2013-07-10 01:48 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-07-10 01:48 . 2013-07-10 01:48 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2013-07-10 01:48 . 2013-07-10 01:48 1643520 ----a-w- c:\windows\system32\DWrite.dll
    2013-07-10 01:48 . 2013-07-10 01:48 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
    2013-07-09 13:08 . 2013-07-09 13:08 -------- d-----w- c:\users\barb\AppData\Roaming\MediaArt
    2013-07-09 13:08 . 2013-07-09 13:08 -------- d-----w- c:\programdata\MediaArt
    2013-07-09 13:04 . 2013-07-09 13:06 -------- d-----w- c:\program files (x86)\Love Story - The Way Home
    2013-07-09 11:59 . 2013-07-09 11:59 -------- d-----w- c:\users\barb\AppData\Local\Big Fish
    2013-07-09 11:59 . 2013-07-09 11:59 -------- d-----w- C:\BigFishCache
    2013-07-08 14:50 . 2013-07-11 15:05 -------- d-----w- c:\users\barb\AppData\Local\Skyrim
    2013-07-06 23:27 . 2013-07-30 23:58 -------- d-----w- c:\program files (x86)\TERA
    2013-07-06 23:27 . 2013-07-06 23:30 -------- d-----w- c:\users\barb\AppData\Local\TERA
    2013-07-06 17:57 . 2013-07-06 17:57 -------- d-----w- c:\program files (x86)\2K Games
    2013-07-06 14:35 . 2013-07-06 14:35 -------- d-----w- c:\program files (x86)\FTL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-07-25 02:11 . 2012-07-05 21:44 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-07-25 02:11 . 2011-08-11 16:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-15 10:46 . 2012-12-14 08:33 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2013-07-15 10:46 . 2012-12-14 08:33 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-07-10 14:15 . 2013-06-15 20:07 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-07-10 14:12 . 2013-06-15 20:03 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2013-06-24 04:57 . 2013-04-16 05:15 78277128 ----a-w- c:\windows\system32\MRT.exe
    2013-06-21 01:09 . 2013-06-21 01:09 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
    2013-06-12 18:15 . 2013-06-12 17:16 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-06-11 19:00 . 2013-06-11 19:00 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-06-11 18:59 . 2013-06-11 18:59 751104 ----a-w- c:\windows\system32\win32spl.dll
    2013-06-11 18:59 . 2013-06-11 18:59 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-06-11 18:59 . 2013-06-11 18:59 30720 ----a-w- c:\windows\system32\cryptdlg.dll
    2013-06-11 18:59 . 2013-06-11 18:59 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
    2013-06-11 18:58 . 2013-06-11 18:58 1887232 ----a-w- c:\windows\system32\d3d11.dll
    2013-06-11 18:58 . 2013-06-11 18:58 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
    2013-06-11 18:58 . 2013-06-11 18:58 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-06-11 18:58 . 2013-06-11 18:58 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-06-11 18:57 . 2013-06-11 18:57 903168 ----a-w- c:\windows\SysWow64\certutil.exe
    2013-06-11 18:57 . 2013-06-11 18:57 52224 ----a-w- c:\windows\system32\certenc.dll
    2013-06-11 18:57 . 2013-06-11 18:57 43008 ----a-w- c:\windows\SysWow64\certenc.dll
    2013-06-11 18:57 . 2013-06-11 18:57 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2013-06-11 18:57 . 2013-06-11 18:57 1192448 ----a-w- c:\windows\system32\certutil.exe
    2013-06-11 18:57 . 2013-06-11 18:57 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-06-11 18:57 . 2013-06-11 18:57 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-06-11 18:57 . 2013-06-11 18:57 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2013-06-11 18:57 . 2013-06-11 18:57 139776 ----a-w- c:\windows\system32\cryptnet.dll
    2013-06-11 18:57 . 2013-06-11 18:57 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2013-06-09 03:45 . 2013-06-09 03:45 707354 ----a-w- c:\windows\unins000.exe
    2013-05-10 16:01 . 2013-05-10 04:43 275360 ----a-w- c:\windows\system32\DreamScene.dll
    2013-05-10 04:43 . 2013-05-10 04:43 275360 ----a-w- c:\windows\system32\DreamScene.dll.9641
    2013-05-09 16:45 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\barb\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-03-09 290112]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-26 336384]
    "vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-05-04 1219248]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-05-11 1353040]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 vToolbarUpdater15.0.1;vToolbarUpdater15.0.1; [x]
    R3 atillk64;atillk64; [x]
    R3 EagleX64;EagleX64; [x]
    R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
    R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
    R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
    R3 X6VA011;X6VA011; [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
    S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys;c:\windows\SYSNATIVE\drivers\sbtis.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
    S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
    S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
    S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [x]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
    S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [x]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
    S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-07-31 15:01 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 02:11]
    .
    2013-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2736274946-839652594-1312385167-1000Core.job
    - c:\users\barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-02 02:20]
    .
    2013-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2736274946-839652594-1312385167-1000UA.job
    - c:\users\barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-02 02:20]
    .
    2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 09:53]
    .
    2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 09:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-08-02 1831016]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
    "SBRegRebootCleaner"="c:\program files (x86)\Sunbelt Software\VIPRE\SBRC.exe" [2011-05-11 197968]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;<local>
    uSearchAssistant = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=TJ&userid=686bf4f2-e811-4f5e-8d2e-f532f02cbe03&searchtype=ds&q={searchTerms}&installDate=22/06/2013
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - ExtSQL: 2013-07-18 18:34; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2013-07-26 18:08; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    FF - ExtSQL: !HIDDEN! 2013-02-15 18:51; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 4628cb59000000000000000078bba9e1
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15905
    FF - user.js: extensions.delta.vrsn - 1.8.21.5
    FF - user.js: extensions.delta.vrsni - 1.8.21.5
    FF - user.js: extensions.delta.vrsnTs - 1.8.21.59:54
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4948
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    Toolbar-{459D13D6-F4B3-43A7-B465-0865464B87C8} - (no file)
    WebBrowser-{459D13D6-F4B3-43A7-B465-0865464B87C8} - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\Software\SecuROM\License information*]
    "datasecu"=hex:b5,c3,09,07,35,1e,75,e7,40,5d,69,cd,d9,80,65,b0,0b,bc,f7,22,ac,
    c8,c3,b2,b4,b6,ed,d8,9d,2d,88,65,0d,95,94,fb,d9,09,18,b6,70,65,8f,49,75,e8,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Launch Manager\LMutilps32.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2013-08-04 22:24:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-08-05 02:24
    .
    Pre-Run: 130,527,129,600 bytes free
    Post-Run: 130,359,742,464 bytes free
    .
    - - End Of File - - 0D9ACC6311E8E94AA9799BD3D915E4F6
    A36C5E4F47E84449FF07ED3517B43A31
    Help fast please! When it was done and I tried to run things it said that this registry was marked for deletion then wouldn't let me unless I went on safe mode.
     
  16. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    Sources online seem to say I should reboot and it will fix itself, I'll give that a try even though the last two times it just gave me a frozen screen.
     
  17. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    Nope, just a black screen with my mouse =(
     
  18. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    Never mind, it just took a couple restarts, awaiting further instructions.
    Just ignore all my panicking lol^^^^^
     
  19. Broni

    Broni Malware Annihilator Posts: 47,701   +268

    Combofix log looks good.
    If you've read my instructions carefully...
    How is the computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    The computer is fine now, just needed to restart a couple times. Will continue these instructions tomorrow.
     
  21. Broni

    Broni Malware Annihilator Posts: 47,701   +268

  22. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    # AdwCleaner v2.306 - Logfile created 08/05/2013 at 19:35:43
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : barb - BARB-PC
    # Boot Mode : Normal
    # Running from : C:\Users\barb\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Users\barb\AppData\Local\funmoods-speeddial.crx
    File Deleted : C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
    File Deleted : C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    File Deleted : C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\bprotector_extensions.sqlite
    File Deleted : C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\bprotector_prefs.js
    File Deleted : C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\searchplugins\Babylon.xml
    File Deleted : C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\searchplugins\delta.xml
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
    Folder Deleted : C:\Program Files (x86)\OApps
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\ProgramData\AVG Security Toolbar
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\BrowserDefender
    Folder Deleted : C:\ProgramData\SweetIM
    Folder Deleted : C:\Users\barb\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
    Folder Deleted : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
    Folder Deleted : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\BabSolution
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\5f0dcd1e76ee948
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
    Key Deleted : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
    Key Deleted : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
    Key Deleted : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\5f0dcd1e76ee948
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{774C0434-9948-4DEE-A14E-69CDD316E36C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16635

    [OK] Registry is clean.

    -\\ Mozilla Firefox v22.0 (en-US)

    File : C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\prefs.js

    C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\kxbtibfp.default\user.js ... Deleted !

    Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
    Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
    Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
    Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
    Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
    Deleted : user_pref("extensions.delta.admin", false);
    Deleted : user_pref("extensions.delta.aflt", "babsst");
    Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Deleted : user_pref("extensions.delta.autoRvrt", "false");
    Deleted : user_pref("extensions.delta.dfltLng", "en");
    Deleted : user_pref("extensions.delta.excTlbr", false);
    Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
    Deleted : user_pref("extensions.delta.id", "4628cb59000000000000000078bba9e1");
    Deleted : user_pref("extensions.delta.instlDay", "15905");
    Deleted : user_pref("extensions.delta.instlRef", "sst");
    Deleted : user_pref("extensions.delta.newTab", false);
    Deleted : user_pref("extensions.delta.prdct", "delta");
    Deleted : user_pref("extensions.delta.prtnrId", "delta");
    Deleted : user_pref("extensions.delta.rvrt", "false");
    Deleted : user_pref("extensions.delta.smplGrp", "none");
    Deleted : user_pref("extensions.delta.tlbrId", "base");
    Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
    Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
    Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.59:54:10");
    Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
    Deleted : user_pref("extensions.delta_i.babExt", "");
    Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tsp=4948");
    Deleted : user_pref("extensions.delta_i.srcExt", "ss");

    -\\ Google Chrome v28.0.1500.95

    File : C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.2497] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=4628000078BBA9E1&affID=119351&tsp=[...]

    *************************

    AdwCleaner[S1].txt - [11909 octets] - [05/08/2013 19:35:43]

    ########## EOF - C:\AdwCleaner[S1].txt - [11970 octets] ##########
     
  23. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.3.3 (08.04.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by barb on Mon 08/05/2013 at 19:45:21.19
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311321154}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\big fish games"
    Successfully deleted: [Folder] "C:\Users\barb\AppData\Roaming\big fish games"
    Successfully deleted: [Folder] "C:\Program Files (x86)\bucksbee loyalty plugin - 100815"
    Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{123BA9A8-926D-48BC-94B7-DE0F33F693FE}
    Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{1D6B4E8B-6117-47E6-A3EE-988AEBFA66CD}
    Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{5B7A7B2E-9689-40BC-A28C-F693FFEB2F89}
    Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{A6B9B7AC-8CDE-4C69-B7DB-BF70F6EBADC2}
    Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{B0CC6B25-14BE-43CD-BAB8-4548F98A0E21}
    Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{CD0A2B13-45F3-4ADE-B707-D487D2108FBD}
    Successfully deleted: [Empty Folder] C:\Users\barb\appdata\local\{DE1A2AB6-CE11-4750-B5D3-C4D78896B20C}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 08/05/2013 at 19:53:41.71
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  24. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    OTL logfile created on: 8/5/2013 8:08:10 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\barb\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16635)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.48 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 75.66% Memory free
    10.96 Gb Paging File | 9.29 Gb Available in Paging File | 84.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 450.66 Gb Total Space | 122.11 Gb Free Space | 27.10% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 465.65 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

    Computer Name: BARB-PC | User Name: barb | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/08/05 19:34:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\barb\Desktop\OTL.exe
    PRC - [2013/07/13 07:32:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2013/06/05 01:02:10 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\barb\AppData\Local\Akamai\netsession_win.exe
    PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/06/30 22:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    PRC - [2011/06/30 22:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2011/06/30 22:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2011/06/30 22:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    PRC - [2011/05/11 17:16:32 | 001,353,040 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
    PRC - [2011/05/11 16:54:28 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
    PRC - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
    PRC - [2011/03/09 13:11:22 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    PRC - [2011/03/09 13:10:32 | 000,290,112 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    PRC - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/03/09 13:13:18 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/07/09 21:59:29 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2011/08/02 14:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2011/05/25 12:09:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/04/22 12:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Live Updater Service)
    SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2013/07/26 18:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013/07/24 22:11:58 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/07/13 07:32:17 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/10/24 11:37:51 | 004,456,320 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2011/06/30 22:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2011/05/11 16:54:28 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
    SRV - [2011/03/09 13:11:22 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/07/15 11:12:14 | 000,021,656 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evolve.sys -- (EvolveVirtualAdapter)
    DRV:64bit: - [2013/06/20 21:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
    DRV:64bit: - [2013/05/04 09:37:02 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013/03/04 20:24:24 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2013/02/14 19:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2013/02/14 08:33:06 | 000,037,472 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
    DRV:64bit: - [2013/02/08 10:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2013/01/10 02:11:18 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2013/01/10 02:11:17 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/01/10 02:11:16 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/15 11:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
    DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/14 01:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/07/14 01:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/07/05 08:55:30 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2011/05/25 13:58:22 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/05/25 11:28:50 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/05/11 16:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
    DRV:64bit: - [2011/04/29 14:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
    DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
    DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
    DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
    DRV:64bit: - [2011/04/05 07:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2011/03/01 05:54:36 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
    DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
    DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
    DRV:64bit: - [2011/01/24 23:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/12/15 11:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2010/12/01 04:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/07/01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2008/12/26 13:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
    DRV - [2012/08/01 15:44:04 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
    DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.p...tBtCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=870646065
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 11 DA 14 F8 46 CE 01 [binary data]
    IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\barb\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\barb\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\barb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/15 19:51:08 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/15 19:51:08 | 000,000,000 | ---D | M]

    [2012/08/27 01:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\barb\AppData\Roaming\Mozilla\Firefox\extensions
    [2012/08/27 01:43:12 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\barb\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
    [2013/08/03 22:58:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\qkxihmpl.default\extensions
    [2013/05/01 19:28:40 | 000,068,740 | R--- | M] () (No name found) -- C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\qkxihmpl.default\extensions\NoiaFoxoption@davidvincent.tld.xpi
    [2013/05/01 19:28:40 | 002,478,880 | R--- | M] () (No name found) -- C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\qkxihmpl.default\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
    [2013/08/05 19:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
    CHR - plugin: Google Update (Disabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Disabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - plugin: Pando Web Plugin (Disabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Uplay PC (Disabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    CHR - plugin: Windows Live Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Nexon Game Controller (Disabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Unity Player (Disabled) = C:\Users\barb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Facebook Video Calling Plugin (Disabled) = C:\Users\barb\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - Extension: jarPlug = C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\anhldmgeompmlcmdcpbgdecdokhedlaa\1.1.0_0\
    CHR - Extension: Google Docs = C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: AdBlock = C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0\
    CHR - Extension: Plug+ = C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf\1.1.4.14_0\
    CHR - Extension: Safe Saver = C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mehnejgknjfgfdmijlaloodhdgnbgdgn\1.23.29_0\crossrider
    CHR - Extension: Safe Saver = C:\Users\barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mehnejgknjfgfdmijlaloodhdgnbgdgn\1.23.29_0\

    O1 HOSTS File: ([2013/08/04 22:18:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {459D13D6-F4B3-43A7-B465-0865464B87C8} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\Toolbar\WebBrowser: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
    O3 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\Toolbar\WebBrowser: (no name) - {459D13D6-F4B3-43A7-B465-0865464B87C8} - No CLSID value found.
    O3 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe (Sunbelt Software)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000..\Run: [Akamai NetSession Interface] C:\Users\barb\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 10.25.2)
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2842DCA-53DF-4CB7-AD33-52F4A3AD0778}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/08/05 19:42:43 | 000,001,800 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  25. Austin Mahar

    Austin Mahar TS Rookie Topic Starter Posts: 35

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/08/05 19:45:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/08/05 19:34:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\barb\Desktop\OTL.exe
    [2013/08/05 19:34:10 | 000,562,008 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\barb\Desktop\JRT.exe
    [2013/08/04 22:18:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2013/08/04 22:00:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/08/04 22:00:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/08/04 22:00:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/08/04 21:59:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/08/04 21:59:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/08/04 19:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/08/03 23:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2013/08/03 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013/08/03 23:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/08/03 23:13:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/08/03 23:13:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/08/03 20:06:19 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\Akamai
    [2013/08/03 20:06:14 | 000,000,000 | ---D | C] -- C:\AeriaGames
    [2013/08/03 12:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
    [2013/08/03 12:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WB Games
    [2013/08/02 17:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
    [2013/08/02 10:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
    [2013/07/29 08:58:50 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\LogMeIn Hamachi
    [2013/07/27 12:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
    [2013/07/27 12:54:57 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\PAYDAY 2
    [2013/07/26 11:30:29 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\PAYDAY
    [2013/07/23 13:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    [2013/07/23 13:00:58 | 000,000,000 | ---D | C] -- C:\GOG Games
    [2013/07/22 10:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2013/07/22 10:44:58 | 000,000,000 | ---D | C] -- C:\MATS
    [2013/07/21 16:50:13 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Malwarebytes
    [2013/07/21 16:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/07/21 13:46:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
    [2013/07/21 10:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
    [2013/07/21 10:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecondLifeViewer
    [2013/07/21 01:13:29 | 000,110,080 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\DelayAPO.dll
    [2013/07/19 10:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
    [2013/07/19 09:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Pivot Animator
    [2013/07/19 09:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safe Saver
    [2013/07/19 09:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pivot Animator
    [2013/07/19 09:53:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pivot Animator
    [2013/07/19 05:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/07/18 21:09:24 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Sunbelt
    [2013/07/18 21:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
    [2013/07/18 21:08:43 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbhips.sys
    [2013/07/18 21:08:42 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
    [2013/07/18 21:08:25 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFwIm.sys
    [2013/07/18 21:08:24 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFw.sys
    [2013/07/18 21:08:23 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
    [2013/07/18 21:08:23 | 000,045,904 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\sbbd.exe
    [2013/07/18 21:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunbelt Software
    [2013/07/18 21:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sunbelt Software
    [2013/07/18 21:05:16 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\Avg2013
    [2013/07/18 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/07/18 15:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\KeyExtender
    [2013/07/18 10:53:39 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    [2013/07/18 10:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
    [2013/07/18 10:53:36 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Notepad++
    [2013/07/18 10:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
    [2013/07/15 11:12:49 | 000,021,656 | ---- | C] (Echobit, LLC) -- C:\Windows\SysNative\drivers\evolve.sys
    [2013/07/15 11:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Echobit
    [2013/07/15 11:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Echobit
    [2013/07/15 11:10:38 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\Echobit
    [2013/07/14 23:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\osu!
    [2013/07/13 19:06:53 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
    [2013/07/13 13:41:19 | 000,000,000 | ---D | C] -- C:\Users\barb\Documents\New folder
    [2013/07/13 13:32:23 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\FileZilla
    [2013/07/13 13:32:07 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    [2013/07/13 13:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
    [2013/07/13 09:33:46 | 000,000,000 | ---D | C] -- C:\Users\barb\Documents\DeadIsland
    [2013/07/13 07:31:55 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
    [2013/07/12 08:40:14 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\My Games
    [2013/07/10 12:35:05 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Natural Selection 2
    [2013/07/10 10:06:45 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\CrashRpt
    [2013/07/10 09:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
    [2013/07/09 09:08:50 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\MediaArt
    [2013/07/09 09:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaArt
    [2013/07/09 09:04:47 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Love Story - The Way Home
    [2013/07/09 09:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Love Story - The Way Home
    [2013/07/09 09:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Love Story - The Way Home
    [2013/07/09 07:59:10 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\Big Fish
    [2013/07/09 07:59:09 | 000,000,000 | ---D | C] -- C:\BigFishCache
    [2013/07/08 10:50:16 | 000,000,000 | ---D | C] -- C:\Users\barb\AppData\Local\Skyrim
    [2013/07/08 10:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911

    ========== Files - Modified Within 30 Days ==========

    [2013/08/05 19:59:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/08/05 19:48:24 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/08/05 19:48:24 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/08/05 19:41:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/08/05 19:40:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/08/05 19:39:48 | 117,624,831 | -HS- | M] () -- C:\hiberfil.sys
    [2013/08/05 19:34:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\barb\Desktop\OTL.exe
    [2013/08/05 19:34:10 | 000,562,008 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\barb\Desktop\JRT.exe
    [2013/08/05 19:25:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2736274946-839652594-1312385167-1000UA.job
    [2013/08/05 19:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/08/04 22:25:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2736274946-839652594-1312385167-1000Core.job
    [2013/08/04 22:18:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/08/02 09:22:30 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/08/02 09:22:30 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/08/02 09:22:30 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/07/31 10:29:02 | 000,003,711 | ---- | M] () -- C:\Windows\wininit.ini
    [2013/07/26 10:57:52 | 000,005,054 | ---- | M] () -- C:\Users\barb\Documents\$R6I5UKI.jpeg
    [2013/07/26 06:47:17 | 000,061,446 | ---- | M] () -- C:\Users\barb\Documents\cant-simmer-the-zimmer.jpg
    [2013/07/25 12:11:10 | 000,122,805 | ---- | M] () -- C:\Users\barb\Documents\9A229729-F912-4A6C-9E87-E1DDC54A5EF2.jpg
    [2013/07/25 12:08:21 | 000,083,066 | ---- | M] () -- C:\Users\barb\Documents\869A7BD9-FC2C-4093-B0E2-F8BFEF204D31.jpg
    [2013/07/25 12:07:20 | 000,090,033 | ---- | M] () -- C:\Users\barb\Documents\2DC678AE-A6B2-4F74-8690-403EC765AFBB.jpg
    [2013/07/25 12:04:53 | 000,067,475 | ---- | M] () -- C:\Users\barb\Documents\972243_699626963387298_577762988_n.jpg
    [2013/07/25 11:20:25 | 000,060,323 | ---- | M] () -- C:\Users\barb\Documents\0F6B72CD-51E1-4D1F-A78E-589F15FA8BED.jpg
    [2013/07/22 09:59:23 | 000,296,800 | ---- | M] () -- C:\Users\barb\Documents\sexysquidward.gif
    [2013/07/19 14:22:09 | 000,002,246 | ---- | M] () -- C:\Users\barb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/07/19 02:16:59 | 000,001,682 | ---- | M] () -- C:\Windows\SysWow64\EmailAVConfig.xml
    [2013/07/19 02:16:57 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
    [2013/07/18 21:08:23 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE Antivirus Premium.lnk
    [2013/07/15 11:12:14 | 000,021,656 | ---- | M] (Echobit, LLC) -- C:\Windows\SysNative\drivers\evolve.sys
    [2013/07/15 07:37:38 | 000,000,024 | ---- | M] () -- C:\Users\barb\random.dat
    [2013/07/15 06:49:28 | 000,000,043 | ---- | M] () -- C:\Users\barb\jagex_cl_runescape_LIVE.dat
    [2013/07/13 07:32:30 | 000,282,512 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2013/07/13 07:32:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2013/07/10 10:15:42 | 000,281,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2013/07/10 10:12:42 | 000,281,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2013/07/10 04:12:27 | 000,316,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/07/09 09:06:11 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Play Love Story - The Way Home.lnk
    [2013/07/09 09:06:11 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk

    ========== Files Created - No Company Name ==========

    [2013/08/04 22:00:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/08/04 22:00:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/08/04 22:00:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/08/04 22:00:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/08/04 22:00:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/07/26 10:57:50 | 000,005,054 | ---- | C] () -- C:\Users\barb\Documents\$R6I5UKI.jpeg
    [2013/07/26 06:47:00 | 000,061,446 | ---- | C] () -- C:\Users\barb\Documents\cant-simmer-the-zimmer.jpg
    [2013/07/25 12:11:03 | 000,122,805 | ---- | C] () -- C:\Users\barb\Documents\9A229729-F912-4A6C-9E87-E1DDC54A5EF2.jpg
    [2013/07/25 12:08:16 | 000,083,066 | ---- | C] () -- C:\Users\barb\Documents\869A7BD9-FC2C-4093-B0E2-F8BFEF204D31.jpg
    [2013/07/25 12:07:16 | 000,090,033 | ---- | C] () -- C:\Users\barb\Documents\2DC678AE-A6B2-4F74-8690-403EC765AFBB.jpg
    [2013/07/25 12:04:39 | 000,067,475 | ---- | C] () -- C:\Users\barb\Documents\972243_699626963387298_577762988_n.jpg
    [2013/07/25 11:20:22 | 000,060,323 | ---- | C] () -- C:\Users\barb\Documents\0F6B72CD-51E1-4D1F-A78E-589F15FA8BED.jpg
    [2013/07/22 09:59:00 | 000,296,800 | ---- | C] () -- C:\Users\barb\Documents\sexysquidward.gif
    [2013/07/19 05:56:07 | 000,002,246 | ---- | C] () -- C:\Users\barb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/07/19 05:54:03 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/07/19 05:54:01 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/07/19 02:16:59 | 000,001,682 | ---- | C] () -- C:\Windows\SysWow64\EmailAVConfig.xml
    [2013/07/19 02:16:57 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
    [2013/07/18 21:08:23 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Antivirus Premium.lnk
    [2013/07/10 09:50:46 | 000,282,512 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2013/07/10 09:50:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2013/07/09 09:06:11 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Play Love Story - The Way Home.lnk
    [2013/07/09 09:06:11 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
    [2013/06/08 23:45:31 | 000,707,354 | ---- | C] () -- C:\Windows\unins000.exe
    [2013/06/08 23:45:31 | 000,001,529 | ---- | C] () -- C:\Windows\unins000.dat
    [2013/06/07 11:33:52 | 000,000,677 | ---- | C] () -- C:\Users\barb\barb - Shortcut.lnk
    [2013/03/04 20:30:34 | 000,001,187 | ---- | C] () -- C:\Windows\eReg.dat
    [2013/02/15 19:42:59 | 000,221,275 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2013/02/15 19:42:58 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2013/02/14 00:48:05 | 000,009,216 | ---- | C] () -- C:\Users\barb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/01/23 21:30:15 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\lwjgl.dll
    [2013/01/23 21:30:15 | 000,031,232 | ---- | C] () -- C:\Windows\SysWow64\jinput-dx8.dll
    [2013/01/23 21:30:15 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\jinput-raw.dll
    [2013/01/17 20:25:10 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2012/10/05 11:20:55 | 000,000,024 | ---- | C] () -- C:\Users\barb\random.dat
    [2012/10/05 11:20:54 | 000,000,043 | ---- | C] () -- C:\Users\barb\jagex_cl_runescape_LIVE.dat
    [2012/10/05 11:20:36 | 000,000,024 | ---- | C] () -- C:\Users\barb\jagexappletviewer.preferences
    [2012/09/25 20:19:52 | 000,000,225 | ---- | C] () -- C:\Users\barb\AppData\Roaming\My Profile.xml
    [2012/08/26 16:32:04 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/07/05 17:22:26 | 000,003,711 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/06/23 12:23:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/08/11 12:01:50 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/08/11 11:23:14 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/08/05 09:05:15 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\.minecraft
    [2013/06/11 08:42:31 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\.mono
    [2013/07/31 10:15:20 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\.technic
    [2012/11/12 16:36:20 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\.techniclauncher
    [2013/07/03 08:13:49 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\4 Friends Games
    [2013/06/27 08:19:04 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\AlawarEntertainment
    [2012/10/13 07:10:51 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Artifex Mundi
    [2013/01/01 02:03:31 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Awesomium
    [2013/04/16 01:04:54 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Barnes & Noble
    [2012/09/25 20:58:03 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Blackboard
    [2013/03/29 03:23:51 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\BlamGames
    [2013/07/08 10:37:36 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\DAEMON Tools Lite
    [2013/06/29 10:53:10 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\DarknessII
    [2013/05/05 07:11:05 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Elephant Games
    [2013/02/02 00:03:49 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Elluminate
    [2013/05/06 03:19:00 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\ERS Game Studios
    [2013/07/22 20:31:17 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\FileZilla
    [2013/05/12 16:44:09 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\ftblauncher
    [2012/10/16 05:18:16 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\GameNuttPackages
    [2013/07/21 01:09:10 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\IObit
    [2013/07/01 10:25:26 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\L.A.Noire
    [2012/08/26 17:15:25 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\LolClient
    [2013/07/09 09:08:50 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\MediaArt
    [2013/07/13 11:19:39 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Natural Selection 2
    [2013/01/02 20:47:05 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Need for Speed World
    [2013/04/05 19:14:19 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\NeopleLauncherDFO
    [2013/07/18 10:53:49 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Notepad++
    [2012/08/08 21:16:57 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Oberon Media
    [2013/04/15 19:00:54 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Old_Skype
    [2012/07/22 16:26:34 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\OverDrive
    [2012/09/05 07:32:08 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Philipp Winterberg
    [2013/05/04 10:13:12 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Play withSIX
    [2013/04/22 18:35:19 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\PrivateTunnel
    [2013/03/04 12:32:38 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\raidcall
    [2012/11/27 22:47:56 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\RCKR
    [2012/08/08 21:19:06 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\ReelDealVampireAdventure
    [2013/03/25 14:15:33 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\RenPy
    [2013/03/24 00:24:35 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\savedata
    [2013/01/06 22:20:40 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Screaming Bee
    [2013/05/02 14:05:31 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\SecondLife
    [2012/11/22 21:30:51 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\SEGA
    [2013/01/10 01:45:13 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\ShopAtHome
    [2012/07/08 14:20:10 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\SNS
    [2013/01/27 23:42:38 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\SoftGrid Client
    [2013/04/09 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\SplitMediaLabs
    [2013/06/13 11:10:34 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Spore
    [2013/06/27 08:34:54 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Spotify
    [2013/06/03 11:28:59 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\TeamViewer
    [2013/01/16 19:03:42 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Theta
    [2012/07/22 18:48:36 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\TP
    [2013/08/05 11:49:12 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\TS3Client
    [2012/09/21 16:55:54 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\TuneUp Software
    [2013/02/23 21:56:13 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Unity
    [2013/08/05 00:02:47 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\uTorrent
    [2012/10/20 09:53:31 | 000,000,000 | ---D | M] -- C:\Users\barb\AppData\Roaming\Windows Live Writer
    [2013/01/26 02:17:26 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
    [2012/10/13 10:41:10 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2013/01/26 02:17:26 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
    [2012/10/13 10:41:10 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 260 bytes -> C:\ProgramData\Temp:A7C40691
    @Alternate Data Stream - 255 bytes -> C:\ProgramData\Temp:B3A5945E
    @Alternate Data Stream - 254 bytes -> C:\ProgramData\Temp:3C4BD225
    @Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:997DA6D7
    @Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:CE3AADB7
    @Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:EC3A9923
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:1AC933DC
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:F2E92DCD
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9836B5E4
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:00F3978A
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8866C899
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:95D421DF
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:4B325725
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:EC752217
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:92BD9737
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:02172F27
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:96372A73
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E3E91030
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:3241739E


    < End of report >
     

