TechSpot

Re: Proxy Issues and Internet Speed

Solved
By Scot G. Russian
Jul 2, 2014
  1. Disclaimer: I did not get any notification that I received a response to my thread and was unable to open it back up. I'm remaking it, and hoping to take down the last one.

    "It's been a while since I've posted, but I had some concern with my computer and our network recently.
    Some friends and I all moved in together and got broadband internet. My computer was the only one having problems connecting at first, and when I tried connecting, Chrome (and Firefox and IE) all had problems connecting to the "proxy server." The person from Comcast I talked to said that's not a good sign, as I was connecting to another peer before going to any internet page. (I am assuming making my connection less secure.)

    I was wondering what I might need to do? I'm running a Desktop with Windows 7, and I switched from Avast to Microsoft Security Essentials as I accidentally downloaded an update to "Windows Defender" a while back, and apparently they have been conflicting. The day I rebooted my computer at the new house, I got an error message from Windows Defender:

    "This program is turned off

    If you are using another program that checks for harmful or unwanted software, use the Action Center to check that program's status.

    If you would like to use this program, <click here to turn it on>."

    I'm unsure what this is, as this has never happened while I was running Avast and had been downloading patches for Windows Defender for several months before. (even a couple of years)

    The other error message after this is:

    "This program's service has stopped. You can start the service manually or restart your computer, which will start the service. (Error Code: 0x800106ba)"

    When I looked this up, it said it was inactive since MsSE is essentially that service, and they conflict. But I've never had this happen when I had Avast, and never got BSoDs while it was running either.

    Any help to bring my PC back to great health and hopefully make it more secure would be very helpful. Thank you to anyone who can help!"

    I also ran FSS and FRST x64. I will include those logs, along with the post that was on the last thread, sorry again for not keeping up!
     
  2. Scot G. Russian

    Response from Superdave1941 (http://www.techspot.com/community/members/superdave1941.349243/)

    "
    Hello and welcome to TechSpot.com. My name is Dave. I will be helping you out with your particular problem on your computer.
    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.
    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Windows 7 comes with Windows Defender installed. You do not need MSE. What happened when you ran the Action Center?
    Please download Farbar Service Scanner to the desktop and run it on the computer with the issue.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    Make sure FRST is run under administrator privileges.
    Make sure that the Whitelist section is checked. Otherwise, the log will be very long.
    Your security programs may prevent the tool from running. If this happens, disable the security program until the scan is completed.
     
  3. Scot G. Russian

    I ran FSS and FRST (x64). I will include those in my responses.

    1. When I booted up my PC I saw a message that read:

    Windows Defender:

    'This program is turned off'

    If you are using another program that checks for harmful or unwanted software, use the Action Center to check that program's status.

    If you would like to use this program, <click here to turn it on.>

    ---

    When I tried clicking here, since I wanted to use one antivirus instead of running multiples on top of each other, (I was fine with Avast and Windows Defender before, but this came up after I moved.) I got an error message:

    'Windows Defender' *without the MSE logo/castle icon*

    This program's service has stopped. You can start the service manually or restart your computer, which will start the service. (Error Code:
    0x800106ba)

    ---

    Every time I restarted, I would get that message. I have no idea if it's malware, or something not working with the program. I have MSE installed now, and Avast is uninstalled, but I believe I still get this pop up. I got a BSoD a few days ago from trying to put my computer to sleep. I think it said POWER_FAILURE, but I can't remember entirely. I'll copy-paste the logs in the next response.
     
  4. Scot G. Russian

    FSS:


    Farbar Service Scanner Version: 10-06-2014
    Ran by Scot Grusian (administrator) on 02-07-2014 at 16:16:05
    Running from "C:\Users\Scot Grusian\Downloads"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  5. Scot G. Russian

    FRST:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
    Ran by Scot Grusian (administrator) on ATLAS on 02-07-2014 16:24:15
    Running from C:\Users\Scot Grusian\Downloads
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (www.Bandisoft.com) C:\Program Files (x86)\Bandicam\bdcam.exe
    (www.Bandisoft.com) C:\Program Files (x86)\Bandicam\bdcam64.bin
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [961024 2009-07-13] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
    HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.)
    HKU\.DEFAULT\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
    HKU\S-1-5-21-2772686979-1836086579-1152052998-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-06-26] (Valve Corporation)
    HKU\S-1-5-21-2772686979-1836086579-1152052998-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-25] (AMD)
    HKU\S-1-5-21-2772686979-1836086579-1152052998-1000\...\MountPoints2: {16bfb78b-b7a5-11e3-9c35-14dae9d761d9} - G:\CMADownloader.exe
    HKU\S-1-5-21-2772686979-1836086579-1152052998-1000\...\MountPoints2: {35f70531-116a-11e1-9b05-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
    HKU\S-1-5-21-2772686979-1836086579-1152052998-1000\...\MountPoints2: {92b67671-1ce2-11e3-909c-14dae9d761d9} - I:\TLBootstrap_WPP.exe
    Startup: C:\Users\Jscabdattr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
    Startup: C:\Users\Jscabdattr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
    ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
    Startup: C:\Users\Jscabdattr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
    ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
    Startup: C:\Users\Scot Grusian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Scot Grusian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    ProxyServer: localhost:21320
    BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll (Google Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    Toolbar: HKLM-x32 - No Name - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
    Toolbar: HKLM-x32 - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll (Google Inc.)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Scot Grusian\AppData\Roaming\Mozilla\Firefox\Profiles\l71b7tm1.default
    FF DefaultSearchEngine: Trovi search
    FF SelectedSearchEngine: Trovi search
    FF Homepage: hxxp://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\Scot Grusian\AppData\Roaming\Mozilla\Firefox\Profiles\l71b7tm1.default\user.js
    FF Extension: WOT - C:\Users\Scot Grusian\AppData\Roaming\Mozilla\Firefox\Profiles\l71b7tm1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-22]
    FF Extension: DownloadHelper - C:\Users\Scot Grusian\AppData\Roaming\Mozilla\Firefox\Profiles\l71b7tm1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-29]
    FF Extension: Adblock Plus - C:\Users\Scot Grusian\AppData\Roaming\Mozilla\Firefox\Profiles\l71b7tm1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-16]

    Chrome:
    =======
    CHR HomePage:
    CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ch&cd=2XzuyEtN2Y1L1Qzu0E0CtC0AyDzy0ByDzztAtB0Bzzzy0EzytN0D0Tzu0CzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyCyE0B0EyB0EtG0CtDyD0AtG0E0B0DyBtGtAyDyD0CtGtB0CtB0AyDzyzyyDyDyByCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzztBtC0D0Dzy0CtGyB0F0AtAtGyCyDyCtAtG0CtD0CyBtGyCyByEyB0D0FyCtCyEyDyDyE2Q&cr=1888535898&ir=", "hxxp://www.google.com"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Extension: (Entanglement Web App) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-11-18]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
    CHR Extension: (WOT) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-09-13]
    CHR Extension: (YouTube) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-22]
    CHR Extension: (Adblock Plus) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-13]
    CHR Extension: (4chan Backtracebook) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjnalefakhffmjkhijpgdhkfeadhaljd [2013-10-22]
    CHR Extension: (Google Search) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-22]
    CHR Extension: (4chan Extension) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbdpfkillcfibeehjheknempdbfboia [2013-10-22]
    CHR Extension: (TinEye Reverse Image Search) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2013-10-22]
    CHR Extension: (4chan Lurk) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iecmhgdndkkgpdiglaidlimicnbdkgkc [2013-10-22]
    CHR Extension: (4chan post number untrunctuation) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiagkkaggpgdkhbokbonegaaeekodici [2013-10-22]
    CHR Extension: (StumbleUpon) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2013-10-22]
    CHR Extension: (Image Search Options) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljmejbpilkadikecejccebmccagifhl [2013-10-22]
    CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh [2013-10-22]
    CHR Extension: (nope) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lngcdobeknickdhodpibaaidmbfcbndi [2013-10-22]
    CHR Extension: (Poppit) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-11-18]
    CHR Extension: (Google Wallet) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
    CHR Extension: (Enhanced Steam) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-06-16]
    CHR Extension: (4chan Plus) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2013-10-22]
    CHR Extension: (Gmail) - C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-22]

    ==================== Services (Whitelisted) =================

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-10-07] ()
    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
    R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
    S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.)
    R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-11-18] (Macrovision Europe Ltd.) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    S2 Util Mega Browse; "C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
    S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
    R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-10-07] (MCCI Corporation)
    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-06-23] (BlueStack Systems)
    R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [34512 2014-06-22] ()
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-01] (Malwarebytes Corporation)
    S3 mcdevice; C:\Windows\System32\DRIVERS\mcdevice.sys [334400 2011-05-19] (ShiningMorning Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-11-17] () [File not signed]
    S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-03-24] (StdLib)
    U3 a1f7mv24; C:\Windows\System32\Drivers\a1f7mv24.sys [0 ] (Microsoft Corporation)
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
     
  6. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    FRST, cont:


    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-02 16:24 - 2014-07-02 16:25 - 00022610 _____ () C:\Users\Scot Grusian\Downloads\FRST.txt
    2014-07-02 16:24 - 2014-07-02 16:24 - 00000000 ____D () C:\FRST
    2014-07-02 16:23 - 2014-07-02 16:23 - 02083840 _____ (Farbar) C:\Users\Scot Grusian\Downloads\FRST64.exe
    2014-07-02 16:16 - 2014-07-02 16:16 - 00002645 _____ () C:\Users\Scot Grusian\Downloads\FSS.txt
    2014-07-02 16:13 - 2014-07-02 16:13 - 00415744 _____ (Farbar) C:\Users\Scot Grusian\Downloads\FSS.exe
    2014-07-02 15:46 - 2014-07-02 15:46 - 00000052 _____ () C:\Users\Scot Grusian\comcast phone.txt
    2014-07-01 01:25 - 2014-06-23 17:33 - 00000000 ____D () C:\Users\Scot Grusian\Documents\Keymaker MAZE
    2014-07-01 01:19 - 2014-07-01 01:19 - 00031694 _____ () C:\Users\Scot Grusian\Documents\Keymaker MAZE.rar
    2014-07-01 00:18 - 2014-07-01 00:18 - 00002721 _____ () C:\Users\Scot Grusian\Documents\Minimum Gameplay 6-30-2014.wlmp
    2014-07-01 00:04 - 2014-07-01 00:04 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    2014-07-01 00:04 - 2014-07-01 00:04 - 00000000 ____D () C:\Windows\en
    2014-07-01 00:03 - 2014-07-01 00:03 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
    2014-07-01 00:02 - 2014-07-01 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-07-01 00:01 - 2014-07-01 00:02 - 00000000 ____D () C:\Program Files (x86)\Windows Live
    2014-06-30 23:56 - 2014-07-01 00:05 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\Windows Live
    2014-06-30 22:48 - 2014-06-30 22:48 - 00000000 ____D () C:\Users\Scot Grusian\.MCTranscodingSDK
    2014-06-30 22:46 - 2014-06-30 22:58 - 00000000 ____D () C:\Program Files\Lightworks
    2014-06-30 22:14 - 2014-06-30 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
    2014-06-30 22:14 - 2014-06-30 22:14 - 00000000 ____D () C:\ProgramData\Geevs
    2014-06-30 22:13 - 2014-06-30 22:32 - 00000000 ____D () C:\Program Files (x86)\Lightworks
    2014-06-29 14:48 - 2014-06-29 14:48 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\HackSlashLoot
    2014-06-29 02:42 - 2014-06-30 23:59 - 00000769 _____ () C:\Windows\DirectX.log
    2014-06-29 02:42 - 2014-06-29 03:20 - 00000000 ____D () C:\Users\Scot Grusian\Documents\Guacamelee
    2014-06-29 00:50 - 2014-06-29 00:53 - 00000000 ____D () C:\Users\Scot Grusian\Documents\Giana Sisters - Twisted Dreams
    2014-06-27 15:12 - 2014-06-27 15:12 - 00000056 _____ () C:\Windows\setupact.log
    2014-06-27 15:12 - 2014-06-27 15:12 - 00000000 _____ () C:\Windows\setuperr.log
    2014-06-27 15:11 - 2014-06-27 15:11 - 00005972 _____ () C:\Windows\PFRO.log
    2014-06-27 15:10 - 2014-06-27 15:10 - 00000000 _____ () C:\asc_rdflag
    2014-06-25 23:50 - 2014-06-25 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
    2014-06-25 23:50 - 2014-06-25 23:50 - 00000000 ____D () C:\ProgramData\BlueStacks
    2014-06-25 23:50 - 2014-06-25 23:50 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
    2014-06-25 23:49 - 2014-06-25 23:49 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\Bluestacks
    2014-06-25 12:09 - 2014-06-25 12:09 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\CDWLauncher
    2014-06-25 02:26 - 2014-06-25 02:26 - 00000056 _____ () C:\Users\Scot Grusian\debut code.txt
    2014-06-24 00:35 - 2013-01-15 19:49 - 00026432 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
    2014-06-22 14:49 - 2014-06-22 14:49 - 00001181 _____ () C:\Users\Scot Grusian\AppData\Roaming\trace_FilterInstaller.txt
    2014-06-22 14:49 - 2014-06-22 14:49 - 00000000 _____ () C:\Users\Scot Grusian\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
    2014-06-22 14:46 - 2014-06-22 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
    2014-06-22 13:37 - 2014-06-22 13:37 - 00000000 ____D () C:\Users\Scot Grusian\D-Fend Reloaded
    2014-06-22 13:37 - 2014-06-22 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
    2014-06-22 13:37 - 2014-06-22 13:37 - 00000000 ____D () C:\Program Files (x86)\D-Fend Reloaded
    2014-06-22 13:34 - 2014-06-22 13:34 - 00000000 ____D () C:\Users\Scot Grusian\Downloads\number-munchers
    2014-06-22 02:46 - 2014-06-30 23:02 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\IrfanView
    2014-06-21 06:51 - 2014-06-21 06:51 - 00000335 _____ () C:\Users\Scot Grusian\Desktop\job hunting 6-21.txt
    2014-06-20 21:45 - 2014-06-20 21:45 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-06-20 21:45 - 2014-06-20 21:45 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-06-20 21:45 - 2014-06-20 21:45 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-06-20 21:45 - 2014-06-20 21:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-06-20 19:55 - 2014-06-20 19:55 - 00000085 _____ () C:\Windows\wininit.ini
    2014-06-20 19:24 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140620-192438.backup
    2014-06-20 18:08 - 2014-06-20 18:11 - 00022528 ___SH () C:\Users\Jscabdattr\Downloads\Thumbs.db
    2014-06-18 04:35 - 2014-06-18 04:35 - 00000000 ____D () C:\Users\Scot Grusian\Documents\Remedy
    2014-06-17 22:58 - 2014-06-17 22:58 - 00000000 ____D () C:\Users\Scot Grusian\Documents\RPGVXAce
    2014-06-16 00:19 - 2014-06-16 00:19 - 00000791 _____ () C:\Users\Scot Grusian\what am I even.txt
    2014-06-15 20:00 - 2014-06-16 21:54 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\Gaijin Games
    2014-06-15 01:21 - 2014-06-15 01:21 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\Robot Entertainment
    2014-06-13 23:07 - 2014-06-13 23:07 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\MrBree
    2014-06-11 03:18 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2014-06-10 21:25 - 2014-05-30 03:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-06-10 21:25 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-06-10 21:25 - 2014-05-30 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-06-10 21:25 - 2014-05-30 02:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-06-10 21:25 - 2014-05-30 02:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-06-10 21:25 - 2014-05-30 02:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-06-10 21:25 - 2014-05-30 02:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-06-10 21:25 - 2014-05-30 02:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-06-10 21:25 - 2014-05-30 02:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-06-10 21:25 - 2014-05-30 02:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-06-10 21:25 - 2014-05-30 02:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-06-10 21:25 - 2014-05-30 02:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-06-10 21:25 - 2014-05-30 02:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-06-10 21:25 - 2014-05-30 02:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-06-10 21:25 - 2014-05-30 02:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-06-10 21:25 - 2014-05-30 02:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-06-10 21:25 - 2014-05-30 02:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-06-10 21:25 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-06-10 21:25 - 2014-05-30 01:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-06-10 21:25 - 2014-05-30 01:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-06-10 21:25 - 2014-05-30 01:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-06-10 21:25 - 2014-05-30 01:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-06-10 21:25 - 2014-05-30 01:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-06-10 21:25 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-06-10 21:25 - 2014-05-30 01:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-06-10 21:25 - 2014-05-30 01:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-06-10 21:25 - 2014-05-30 01:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-06-10 21:25 - 2014-05-30 01:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-06-10 21:25 - 2014-05-30 01:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-06-10 21:25 - 2014-05-30 01:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-06-10 21:25 - 2014-05-30 01:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-06-10 21:25 - 2014-05-30 01:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-06-10 21:25 - 2014-05-30 01:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-06-10 21:25 - 2014-05-30 01:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-06-10 21:25 - 2014-05-30 01:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-06-10 21:25 - 2014-05-30 01:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-06-10 21:25 - 2014-05-30 01:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-06-10 21:25 - 2014-05-30 01:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-06-10 21:25 - 2014-05-30 01:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-06-10 21:25 - 2014-05-30 01:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-06-10 21:25 - 2014-05-30 00:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-06-10 21:25 - 2014-05-30 00:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-06-10 21:25 - 2014-05-30 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-06-10 21:25 - 2014-05-30 00:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-06-10 21:25 - 2014-05-30 00:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-06-10 21:25 - 2014-05-30 00:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-06-10 21:25 - 2014-05-30 00:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-06-10 21:25 - 2014-05-30 00:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-06-10 21:25 - 2014-05-30 00:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-06-10 21:25 - 2014-05-30 00:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-06-10 21:25 - 2014-05-30 00:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-06-10 21:25 - 2014-05-30 00:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-06-10 21:14 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-06-10 21:14 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2014-06-10 21:13 - 2014-06-08 02:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-10 21:13 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-06-10 21:13 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2014-06-10 21:13 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-06-10 21:13 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-06-10 21:13 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-06-10 21:13 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-06-10 21:13 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-06-10 21:13 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-06-10 21:13 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2014-06-10 21:13 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-06-10 21:13 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2014-06-10 21:13 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-06-10 21:12 - 2014-06-08 02:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-06-08 06:01 - 2014-06-08 06:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
    2014-06-08 01:06 - 2014-06-08 01:07 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
    2014-06-07 23:24 - 2014-06-07 23:24 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\BIT.TRIP BEAT
    2014-06-07 06:05 - 2014-06-07 23:23 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\StealthBastard[Steam]
    2014-06-06 00:06 - 2014-06-06 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2014-06-06 00:06 - 2013-12-01 05:10 - 00257624 _____ () C:\Windows\system32\unrar64.dll
    2014-06-05 23:53 - 2014-06-27 07:32 - 00000000 ____D () C:\Program Files (x86)\osu!
    2014-06-04 17:07 - 2014-06-04 17:07 - 00000000 ____D () C:\Users\Scot Grusian\Downloads\Pokemon Golden Silver
    2014-06-03 23:32 - 2014-06-03 23:32 - 00000533 _____ () C:\Users\Scot Grusian\ways to be happy.txt
    2014-06-02 12:55 - 2014-06-02 12:55 - 00005742 _____ () C:\Windows\SysWOW64\collectionCache.bnk

    ==================== One Month Modified Files and Folders =======

    2014-07-02 16:25 - 2014-07-02 16:24 - 00022610 _____ () C:\Users\Scot Grusian\Downloads\FRST.txt
    2014-07-02 16:24 - 2014-07-02 16:24 - 00000000 ____D () C:\FRST
    2014-07-02 16:23 - 2014-07-02 16:23 - 02083840 _____ (Farbar) C:\Users\Scot Grusian\Downloads\FRST64.exe
    2014-07-02 16:16 - 2014-07-02 16:16 - 00002645 _____ () C:\Users\Scot Grusian\Downloads\FSS.txt
    2014-07-02 16:15 - 2009-07-13 21:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-02 16:15 - 2009-07-13 21:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-02 16:14 - 2014-03-16 03:38 - 00000000 ____D () C:\Users\Scot Grusian\Downloads\ZIPs
    2014-07-02 16:13 - 2014-07-02 16:13 - 00415744 _____ (Farbar) C:\Users\Scot Grusian\Downloads\FSS.exe
    2014-07-02 16:10 - 2013-10-22 20:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-02 15:59 - 2013-09-15 00:25 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\Apple Computer
    2014-07-02 15:54 - 2013-10-25 00:45 - 00000000 ____D () C:\Users\Scot Grusian\Documents\prg
    2014-07-02 15:47 - 2012-06-10 20:14 - 00000000 ____D () C:\Program Files (x86)\Trillian
    2014-07-02 15:46 - 2014-07-02 15:46 - 00000052 _____ () C:\Users\Scot Grusian\comcast phone.txt
    2014-07-02 15:46 - 2011-11-17 23:53 - 00000000 ____D () C:\Users\Scot Grusian
    2014-07-02 15:43 - 2011-11-17 23:28 - 01443878 _____ () C:\Windows\WindowsUpdate.log
    2014-07-02 15:42 - 2011-11-19 21:05 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-07-02 15:29 - 2011-11-18 01:01 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-02 13:09 - 2014-04-04 21:04 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\TS3Client
    2014-07-02 12:28 - 2011-11-18 01:01 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-02 02:23 - 2013-09-15 00:25 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\Skype
    2014-07-02 00:14 - 2013-12-27 15:09 - 00000000 ____D () C:\Users\Scot Grusian\Documents\Bandicam
    2014-07-01 19:11 - 2014-05-10 00:57 - 00000000 ____D () C:\Users\Scot Grusian\Desktop\snaps
    2014-07-01 19:11 - 2013-09-14 00:33 - 00000000 ____D () C:\Users\Scot Grusian\Desktop\Shortcuts
    2014-07-01 01:20 - 2014-04-27 20:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-01 01:19 - 2014-07-01 01:19 - 00031694 _____ () C:\Users\Scot Grusian\Documents\Keymaker MAZE.rar
    2014-07-01 00:18 - 2014-07-01 00:18 - 00002721 _____ () C:\Users\Scot Grusian\Documents\Minimum Gameplay 6-30-2014.wlmp
    2014-07-01 00:05 - 2014-06-30 23:56 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\Windows Live
    2014-07-01 00:04 - 2014-07-01 00:04 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    2014-07-01 00:04 - 2014-07-01 00:04 - 00000000 ____D () C:\Windows\en
    2014-07-01 00:03 - 2014-07-01 00:03 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
    2014-07-01 00:02 - 2014-07-01 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-07-01 00:02 - 2014-07-01 00:01 - 00000000 ____D () C:\Program Files (x86)\Windows Live
    2014-07-01 00:01 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-06-30 23:59 - 2014-06-29 02:42 - 00000769 _____ () C:\Windows\DirectX.log
    2014-06-30 23:04 - 2011-01-22 02:03 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\HandBrake
    2014-06-30 23:02 - 2014-06-22 02:46 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\IrfanView
    2014-06-30 22:58 - 2014-06-30 22:46 - 00000000 ____D () C:\Program Files\Lightworks
    2014-06-30 22:58 - 2014-06-30 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
    2014-06-30 22:56 - 2014-05-21 02:11 - 00022016 _____ () C:\Users\Scot Grusian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-06-30 22:48 - 2014-06-30 22:48 - 00000000 ____D () C:\Users\Scot Grusian\.MCTranscodingSDK
    2014-06-30 22:32 - 2014-06-30 22:13 - 00000000 ____D () C:\Program Files (x86)\Lightworks
    2014-06-30 22:14 - 2014-06-30 22:14 - 00000000 ____D () C:\ProgramData\Geevs
    2014-06-30 17:58 - 2013-12-16 22:40 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\Audacity
    2014-06-29 15:29 - 2013-11-02 17:18 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\vlc
    2014-06-29 15:29 - 2011-01-24 17:51 - 00000000 ____D () C:\Users\Scot Grusian\Documents\My Games
    2014-06-29 14:48 - 2014-06-29 14:48 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\HackSlashLoot
    2014-06-29 03:20 - 2014-06-29 02:42 - 00000000 ____D () C:\Users\Scot Grusian\Documents\Guacamelee
    2014-06-29 00:53 - 2014-06-29 00:50 - 00000000 ____D () C:\Users\Scot Grusian\Documents\Giana Sisters - Twisted Dreams
    2014-06-27 21:39 - 2014-05-31 14:23 - 00000000 ___RD () C:\Users\Scot Grusian\Dropbox
    2014-06-27 15:16 - 2014-05-31 07:26 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\DropboxMaster
    2014-06-27 15:16 - 2014-05-31 07:25 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\Dropbox
    2014-06-27 15:12 - 2014-06-27 15:12 - 00000056 _____ () C:\Windows\setupact.log
    2014-06-27 15:12 - 2014-06-27 15:12 - 00000000 _____ () C:\Windows\setuperr.log
    2014-06-27 15:12 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-06-27 15:11 - 2014-06-27 15:11 - 00005972 _____ () C:\Windows\PFRO.log
    2014-06-27 15:10 - 2014-06-27 15:10 - 00000000 _____ () C:\asc_rdflag
    2014-06-27 07:42 - 2011-12-31 14:57 - 00416826 _____ () C:\Windows\system32\perfh011.dat
    2014-06-27 07:42 - 2011-12-31 14:57 - 00122208 _____ () C:\Windows\system32\perfc011.dat
    2014-06-27 07:42 - 2011-11-22 22:31 - 00745764 _____ () C:\Windows\system32\perfh00C.dat
    2014-06-27 07:42 - 2011-11-22 22:31 - 00149688 _____ () C:\Windows\system32\perfc00C.dat
    2014-06-27 07:42 - 2009-07-13 22:13 - 01424024 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-06-27 07:32 - 2014-06-05 23:53 - 00000000 ____D () C:\Program Files (x86)\osu!
    2014-06-25 23:51 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Public\Libraries
    2014-06-25 23:50 - 2014-06-25 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
    2014-06-25 23:50 - 2014-06-25 23:50 - 00000000 ____D () C:\ProgramData\BlueStacks
    2014-06-25 23:50 - 2014-06-25 23:50 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
    2014-06-25 23:49 - 2014-06-25 23:49 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\Bluestacks
    2014-06-25 23:49 - 2014-05-30 17:26 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
    2014-06-25 14:01 - 2013-10-06 15:54 - 00001323 _____ () C:\Users\Scot Grusian\HumbleKeys.txt
    2014-06-25 12:09 - 2014-06-25 12:09 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\CDWLauncher
    2014-06-25 02:26 - 2014-06-25 02:26 - 00000056 _____ () C:\Users\Scot Grusian\debut code.txt
    2014-06-24 00:35 - 2011-11-17 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Windows Tweaker
    2014-06-24 00:34 - 2014-01-15 22:17 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\DAEMON Tools Lite
    2014-06-23 23:20 - 2011-11-17 23:45 - 00000000 ____D () C:\Program Files\PeerBlock
    2014-06-23 17:33 - 2014-07-01 01:25 - 00000000 ____D () C:\Users\Scot Grusian\Documents\Keymaker MAZE
    2014-06-22 15:05 - 2013-12-15 21:44 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
    2014-06-22 14:52 - 2013-09-13 18:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-06-22 14:52 - 2009-07-13 20:20 - 00000000 __RSD () C:\Windows\Media
    2014-06-22 14:49 - 2014-06-22 14:49 - 00001181 _____ () C:\Users\Scot Grusian\AppData\Roaming\trace_FilterInstaller.txt
    2014-06-22 14:49 - 2014-06-22 14:49 - 00000000 _____ () C:\Users\Scot Grusian\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
    2014-06-22 14:46 - 2014-06-22 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
    2014-06-22 14:46 - 2013-12-15 21:44 - 00034512 _____ () C:\Windows\system32\Drivers\debutfilterx64.sys
    2014-06-22 14:46 - 2013-12-15 21:44 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
    2014-06-22 13:54 - 2013-12-18 21:17 - 00296960 ___SH () C:\Users\Scot Grusian\Thumbs.db
    2014-06-22 13:37 - 2014-06-22 13:37 - 00000000 ____D () C:\Users\Scot Grusian\D-Fend Reloaded
    2014-06-22 13:37 - 2014-06-22 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
    2014-06-22 13:37 - 2014-06-22 13:37 - 00000000 ____D () C:\Program Files (x86)\D-Fend Reloaded
    2014-06-22 13:37 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-06-22 13:34 - 2014-06-22 13:34 - 00000000 ____D () C:\Users\Scot Grusian\Downloads\number-munchers
    2014-06-22 12:47 - 2013-09-13 21:07 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2014-06-21 06:51 - 2014-06-21 06:51 - 00000335 _____ () C:\Users\Scot Grusian\Desktop\job hunting 6-21.txt
    2014-06-20 23:52 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
    2014-06-20 21:45 - 2014-06-20 21:45 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-06-20 21:45 - 2014-06-20 21:45 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-06-20 21:45 - 2014-06-20 21:45 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-06-20 21:45 - 2014-06-20 21:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-06-20 21:43 - 2011-07-27 15:06 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-06-20 21:33 - 2014-05-19 01:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-06-20 21:33 - 2013-09-13 18:39 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-06-20 21:18 - 2011-11-18 01:47 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-06-20 20:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-06-20 19:57 - 2014-01-15 23:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-06-20 19:55 - 2014-06-20 19:55 - 00000085 _____ () C:\Windows\wininit.ini
    2014-06-20 19:12 - 2011-11-25 10:32 - 00000000 ____D () C:\Windows\pss
    2014-06-20 18:54 - 2014-05-30 22:53 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\Spotify
    2014-06-20 18:52 - 2014-05-11 10:18 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\Raptr
    2014-06-20 18:11 - 2014-06-20 18:08 - 00022528 ___SH () C:\Users\Jscabdattr\Downloads\Thumbs.db
    2014-06-20 16:58 - 2011-11-17 23:45 - 00000000 ____D () C:\Program Files\WinRAR
    2014-06-20 16:58 - 2009-07-13 21:45 - 02235864 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-06-18 04:35 - 2014-06-18 04:35 - 00000000 ____D () C:\Users\Scot Grusian\Documents\Remedy
    2014-06-17 23:59 - 2013-12-18 19:22 - 00000000 ____D () C:\Users\Scot Grusian\Documents\Square Enix
    2014-06-17 22:58 - 2014-06-17 22:58 - 00000000 ____D () C:\Users\Scot Grusian\Documents\RPGVXAce
    2014-06-17 12:23 - 2011-11-18 01:01 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-06-17 12:23 - 2011-11-18 01:01 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-06-17 03:26 - 2013-12-13 21:43 - 00000000 ____D () C:\Users\Scot Grusian\Documents\SavedGames
    2014-06-16 21:56 - 2011-12-19 20:57 - 00000000 ___HD () C:\Windows\msdownld.tmp
    2014-06-16 21:54 - 2014-06-15 20:00 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\Gaijin Games
    2014-06-16 21:54 - 2011-12-19 20:57 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
    2014-06-16 21:54 - 2011-12-19 20:57 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
    2014-06-16 21:54 - 2011-11-17 23:31 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2014-06-16 21:54 - 2011-11-17 23:31 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2014-06-16 19:31 - 2013-10-22 20:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-06-16 19:31 - 2013-09-15 00:26 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-06-16 19:31 - 2011-11-18 20:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-06-16 19:09 - 2013-10-22 15:56 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2014-06-16 19:09 - 2011-11-17 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2014-06-16 18:26 - 2014-05-31 19:18 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\Spotify
    2014-06-16 00:19 - 2014-06-16 00:19 - 00000791 _____ () C:\Users\Scot Grusian\what am I even.txt
    2014-06-16 00:03 - 2014-05-01 00:41 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\Vulcan
    2014-06-15 01:21 - 2014-06-15 01:21 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\Robot Entertainment
    2014-06-13 23:07 - 2014-06-13 23:07 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\MrBree
    2014-06-13 11:35 - 2013-12-13 21:43 - 00000000 ____D () C:\Users\Scot Grusian\Documents\resume
    2014-06-11 03:35 - 2013-02-17 00:31 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\RenPy
    2014-06-11 03:18 - 2011-03-01 18:22 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\Braid
    2014-06-10 21:31 - 2013-09-14 23:23 - 00000000 ____D () C:\Windows\system32\MRT
    2014-06-10 21:28 - 2011-11-17 23:28 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-06-10 21:26 - 2014-05-01 00:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-06-08 06:01 - 2014-06-08 06:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
    2014-06-08 03:02 - 2013-12-18 19:24 - 00000000 ____D () C:\Users\Scot Grusian\Documents\Anime List
    2014-06-08 02:13 - 2014-06-10 21:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-08 02:08 - 2014-06-10 21:12 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-06-08 01:30 - 2011-11-18 00:01 - 00067480 _____ () C:\Users\Scot Grusian\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-06-08 01:07 - 2014-06-08 01:06 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
    2014-06-08 01:07 - 2014-01-29 10:40 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
    2014-06-07 23:24 - 2014-06-07 23:24 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\BIT.TRIP BEAT
    2014-06-07 23:24 - 2011-12-19 20:57 - 00000000 ____D () C:\Windows\SysWOW64\directx
    2014-06-07 23:23 - 2014-06-07 06:05 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\StealthBastard[Steam]
    2014-06-06 00:06 - 2014-06-06 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2014-06-06 00:06 - 2011-11-17 23:42 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
    2014-06-05 23:03 - 2013-10-22 19:15 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Roaming\.minecraft
    2014-06-05 21:41 - 2014-04-11 17:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-05 21:26 - 2014-03-22 03:18 - 00000000 ____D () C:\Program Files (x86)\JDownloader
    2014-06-05 21:23 - 2014-01-30 06:19 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
    2014-06-05 21:21 - 2011-11-18 01:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-06-05 21:17 - 2014-05-21 02:04 - 00000000 ____D () C:\Users\Scot Grusian\AppData\Local\MagicCamera
    2014-06-05 21:17 - 2014-01-15 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
    2014-06-04 17:07 - 2014-06-04 17:07 - 00000000 ____D () C:\Users\Scot Grusian\Downloads\Pokemon Golden Silver
    2014-06-04 17:02 - 2014-04-11 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-06-03 23:32 - 2014-06-03 23:32 - 00000533 _____ () C:\Users\Scot Grusian\ways to be happy.txt
    2014-06-02 12:55 - 2014-06-02 12:55 - 00005742 _____ () C:\Windows\SysWOW64\collectionCache.bnk

    Some content of TEMP:
    ====================
    C:\Users\Jscabdattr\AppData\Local\Temp\07ded15b-c27d-2266-8ff4-3a02f760797a.tmp.exe
    C:\Users\Jscabdattr\AppData\Local\Temp\ApnIC.dll
    C:\Users\Jscabdattr\AppData\Local\Temp\ApnStub.exe
    C:\Users\Jscabdattr\AppData\Local\Temp\ApnToolbarInstaller.exe
    C:\Users\Jscabdattr\AppData\Local\Temp\AskSLib.dll
    C:\Users\Jscabdattr\AppData\Local\Temp\BunndleOfferManager.dll
    C:\Users\Jscabdattr\AppData\Local\Temp\devcon.exe
    C:\Users\Jscabdattr\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\Jscabdattr\AppData\Local\Temp\Second Life Setup.exe
    C:\Users\Jscabdattr\AppData\Local\Temp\Second_Life_Updater.exe
    C:\Users\Jscabdattr\AppData\Local\Temp\sfamcc00001.dll
    C:\Users\Jscabdattr\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Jscabdattr\AppData\Local\Temp\tmpAC07.exe
    C:\Users\Jscabdattr\AppData\Local\Temp\tmpE639.exe
    C:\Users\Scot Grusian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu8hziq.dll
    C:\Users\Scot Grusian\AppData\Local\Temp\iv_uninstall.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-06-28 12:28

    ==================== End Of Log ============================
     
  7. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014
    Ran by Scot Grusian at 2014-07-02 16:25:36
    Running from C:\Users\Scot Grusian\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30768 - BitTorrent Inc.)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    A Virus Named TOM (HKLM-x32\...\Steam App 207650) (Version: - Misfits Attic)
    A.R.E.S. (HKLM-x32\...\Steam App 92300) (Version: - Extend Studio)
    AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome (HKLM-x32\...\Steam App 15560) (Version: - Dejobaan Games, LLC)
    Actual Sunlight (HKLM-x32\...\Steam App 288040) (Version: - Will O'Neill)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
    Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
    Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
    Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
    Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
    Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
    Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
    Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
    Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
    Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
    Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
    Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Aerena (HKLM-x32\...\Steam App 247830) (Version: - Cliffhanger Productions)
    Afterfall InSanity Extended Edition (HKLM-x32\...\Steam App 224420) (Version: - Intoxicate Studios)
    AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.03 - ASUSTeK Computer Inc.)
    Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment)
    Album Art Downloader XUI 1.00 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.00 - http://sourceforge.net/projects/album-art)
    Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games)
    Alpha Kimori™ Episode One (HKLM-x32\...\Steam App 265870) (Version: - Sherman3D)
    AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
    AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
    AMD Fuel (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
    AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
    AMD Steady Video Plug-In (Version: 2.04.0000 - AMD) Hidden
    AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
    AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
    Anomaly Warzone Earth (HKLM-x32\...\Steam App 91200) (Version: - 11 bit studios)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
    Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version: - Ubisoft Montreal)
    Astro Tripper (HKLM-x32\...\Steam App 110600) (Version: - PomPom)
    ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
    Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
    Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
    Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - BestGameEver)
    Audiosurf 2 (HKLM-x32\...\Steam App 235800) (Version: - Dylan Fitterer)
    Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
    Bad Bots (HKLM-x32\...\Steam App 235070) (Version: - Point Five Projects)
    Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.2.455 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
    Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version: - Rocksteady Studios Ltd.)
    BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
    Beat Hazard (HKLM-x32\...\Steam App 49600) (Version: - Cold Beam Games)
    Beatbuddy: Tale of the Guardians (HKLM-x32\...\Steam App 231040) (Version: - Threaks)
    Bejeweled 3 (HKLM-x32\...\Steam App 78000) (Version: - PopCap Games, Inc.)
    Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
    Belkin USB Wireless Adapter (x32 Version: 1.0.0.13 - Belkin) Hidden
    BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
    BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
    BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
    BIT.TRIP BEAT (HKLM-x32\...\Steam App 63700) (Version: - Gaijin Games)
    BIT.TRIP CORE (HKLM-x32\...\Steam App 205060) (Version: - Gaijin Games)
    BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version: - Gaijin Games)
    BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games)
    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.11.3116 - BlueStack Systems, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{80194F84-21CE-44CF-A46E-38D8CE448856}) (Version: 0.8.11.3116 - BlueStack Systems, Inc.)
    Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
    Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
    Braid (HKLM-x32\...\Steam App 26800) (Version: - Number None)
    Brütal Legend (HKLM-x32\...\Steam App 225260) (Version: - Double Fine Productions)
    Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games)
    Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
    Cave Story+ (HKLM-x32\...\Steam App 200900) (Version: - Nicalis)
    CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
    Chains (HKLM-x32\...\Steam App 11360) (Version: - 2DEngine.com)
    Chime (HKLM-x32\...\Steam App 62100) (Version: - Zoë Mode)
    Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
    Chroma Closed Alpha (HKLM-x32\...\Steam App 241850) (Version: - Harmonix Music Systems, Inc)
    Cogs (HKLM-x32\...\Steam App 26500) (Version: - Lazy 8 Studios)
    Content Manager Assistant for PlayStation(R) (HKLM-x32\...\{81AD22B9-C28A-45a3-94B3-5FECD221AD5C}) (Version: 3.10.7525.4 - Sony Computer Entertainment Inc.)
    CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAMN NFO Viewer 2.10.0031 RC3 (HKLM-x32\...\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}) (Version: 2.10.0031 - DAMN)
    Darkspore (HKLM-x32\...\Steam App 99890) (Version: - Maxis™)
    Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios)
    Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.00 - NCH Software)
    Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal)
    Deus Ex: Human Revolution - The Missing Link (HKLM-x32\...\Steam App 201280) (Version: - Eidos Montreal)
    Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal)
    Deus Ex: The Fall (HKLM-x32\...\Steam App 258180) (Version: - Square Enix)
    D-Fend Reloaded 1.2.1 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.2.1 - Alexander Herzog)
    Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
    Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
    Dropbox (HKCU\...\Dropbox) (Version: 2.8.4 - Dropbox, Inc.)
    Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version: - 3D Realms)
    Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
    Dungeon Hearts (HKLM-x32\...\Steam App 229520) (Version: - Cube Roots)
    Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
    Dustforce (HKLM-x32\...\Steam App 65300) (Version: - Hitbox Team)
    Dwarfs!? (HKLM-x32\...\Steam App 35480) (Version: - Power of 2)
    Dysfunctional Systems: Learning to Manage Chaos (HKLM-x32\...\Steam App 248800) (Version: - Dischan Media)
    Eets Munchies (HKLM-x32\...\Steam App 214550) (Version: - )
    Electronic Super Joy (HKLM-x32\...\Steam App 244870) (Version: - Michael Todd Games)
    Eufloria (HKLM-x32\...\Steam App 41210) (Version: - )
    Evoland (HKLM-x32\...\Steam App 233470) (Version: - Shiro Games)
    f.lux (HKCU\...\Flux) (Version: - )
    Faerie Solitaire (HKLM-x32\...\Steam App 38600) (Version: - Subsoap)
    FaeVerse Alchemy (HKLM-x32\...\Steam App 282880) (Version: - Subsoap)
    Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    Famaze (HKLM-x32\...\Steam App 297210) (Version: - Oryx Design Lab)
    FastStone Image Viewer 5.1 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.1 - FastStone Soft)
    FEZ (HKLM-x32\...\Steam App 224760) (Version: - Polytron Corporation)
    Final DOOM (HKLM-x32\...\Steam App 2290) (Version: - id Software)
    FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version: - Square Enix)
    Foldit (HKLM-x32\...\Foldit) (Version: - )
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
    Fractal: Make Blooms Not War (HKLM-x32\...\Steam App 61310) (Version: - Cipher Prime Studios)
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
    Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version: - Black Forest Games)
    Giants (HKLM-x32\...\{97370293-96EC-11D4-9DEF-00104B70C5FB}) (Version: - )
    Google Chrome (HKLM-x32\...\{E1AA8B0F-1176-36F1-8A91-AA19CF39C2F6}) (Version: 65.169.76 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - )
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
    Hack, Slash, Loot (HKLM-x32\...\Steam App 207430) (Version: - David Williamson)
    Half Minute Hero: Super Mega Neo Climax Ultimate Boy (HKLM-x32\...\Steam App 214830) (Version: - Opus )
    Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
    Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
    Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)
    Hammerfight (HKLM-x32\...\Steam App 41100) (Version: - Konstantin Koshutin)
    HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
    Hard Reset (HKLM-x32\...\Steam App 98400) (Version: - Flying Wild Hog)
    Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version: - Arkedo)
    Hero Academy (HKLM-x32\...\Steam App 209270) (Version: - Robot Entertainment)
    Hexcells Plus (HKLM-x32\...\Steam App 271900) (Version: - Matthew Brown)
    HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
    Hydrophobia: Prophecy (HKLM-x32\...\Steam App 92000) (Version: - Dark Energy Digital Ltd.)
    Insanely Twisted Shadow Planet (HKLM-x32\...\Steam App 205730) (Version: - Shadow Planet Productions)
    Jamestown (HKLM-x32\...\Steam App 94200) (Version: - Final Form Games)
    Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
    Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
    Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
    JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.62.0 - JMicron Technology Corp.)
    Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - JC2-MP Team)
    Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
    K-Lite Codec Pack 10.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
    Knights of Pen and Paper +1 (HKLM-x32\...\Steam App 231740) (Version: - Behold Studios)
    LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
    Lead and Gold - Gangs of the Wild West (HKLM-x32\...\Steam App 42120) (Version: - Fatshark)
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    Legend of Dungeon (HKLM-x32\...\Steam App 238280) (Version: - )
    Legendary (HKLM-x32\...\Steam App 16730) (Version: - Spark Unlimited)
    LIMBO (HKLM-x32\...\Steam App 48000) (Version: - Playdead)
    Little Inferno (HKLM-x32\...\Steam App 221260) (Version: - Tomorrow Corporation)
    Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
    Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
    Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare)
    Master Levels for DOOM II (HKLM-x32\...\Steam App 9160) (Version: - id Software)
    Master Reboot (HKLM-x32\...\Steam App 251850) (Version: - Wales Interactive)
    McPixel (HKLM-x32\...\Steam App 220860) (Version: - Sos)
    Melody's Escape (HKLM-x32\...\Steam App 270210) (Version: - Icetesy SPRL)
    Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games)
    Microsoft .NET Framework 4.5.1 (FRA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (JPN) (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (日本語) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Minimum (HKLM-x32\...\Steam App 214190) (Version: - Human Head Studios)
    Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    Mr. Bree+ (HKLM-x32\...\Steam App 264220) (Version: - TawStudio Entertainment)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Multimedia Fusion 2 (HKLM-x32\...\Multimedia Fusion 2) (Version: - )
    My Game Long Name (HKLM\...\UDK-7f4cad9e-fc59-41a1-9607-71234cc4f29a) (Version: - Epic Games, Inc.)
    My Game Long Name (HKLM\...\UDK-9f8c7788-b151-4878-895c-9a361eaba261) (Version: - Epic Games, Inc.)
    Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version: - Unknown Worlds Entertainment)
    NaturalReaderFree (HKLM-x32\...\{B99690D5-0BD4-403B-98D9-D0E997239454}) (Version: 1.00.0000 - Naturalsoft)
    Nuclear Dawn (HKLM-x32\...\Steam App 17710) (Version: - InterWave Studios)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
    Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version: - Robot Entertainment)
    Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)
    Osmos (HKLM-x32\...\Steam App 29180) (Version: - Hemisphere Games)
    osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
    PAC-MAN Championship Edition DX+ (HKLM-x32\...\Steam App 236450) (Version: - Mine Loader Software Co., Ltd.)
    Paranautical Activity (HKLM-x32\...\Steam App 250580) (Version: - Code Avarice)
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version: - )
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
    Peggle Deluxe (HKLM-x32\...\Steam App 3480) (Version: - PopCap Games, Inc.)
    Peggle Nights (HKLM-x32\...\Steam App 3540) (Version: - PopCap Games, Inc.)
    Penny Arcade's On the Rain-Slick Precipice of Darkness 3 (HKLM-x32\...\Steam App 213030) (Version: - Zeboyd Games)
    Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Pid (HKLM-x32\...\Steam App 218740) (Version: - Might and Delight)
    Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap)
    Playfire (HKLM-x32\...\{f1d67209-3215-46dc-8fe9-17bf73f21f6f}) (Version: 0.0.57.0 - Playfire)
    Playfire (x32 Version: 0.0.57.0 - Playfire) Hidden
    Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games)
    Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version: - Telltale Games)
    Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
    Psychonauts (HKLM-x32\...\Steam App 3830) (Version: - Double Fine Productions)
    Q.U.B.E. (HKLM-x32\...\Steam App 203730) (Version: - Toxic Games)
    Quantum Conundrum (HKLM-x32\...\Steam App 200010) (Version: - Airtight Games)
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    RAW - Realms of Ancient War (HKLM-x32\...\Steam App 209730) (Version: - Wizarbox)
    Really Big Sky (HKLM-x32\...\Steam App 201570) (Version: - Boss Baddie)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
    Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version: - )
    Rekoil (HKLM-x32\...\Steam App 243320) (Version: - Plastic Piranha)
    Retro/Grade (HKLM-x32\...\Steam App 222660) (Version: - 24 Caret Games)
    Rochard (HKLM-x32\...\Steam App 107800) (Version: - Recoil Games)
    Rock of Ages (HKLM-x32\...\Steam App 22230) (Version: - ACE Team)
    Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games)
    RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version: - Enterbrain)
    RPG Maker XP (HKLM-x32\...\Steam App 235900) (Version: - Degica)
    Rush Bros (HKLM-x32\...\Steam App 234490) (Version: - XYLA Entertainment)
    Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)
    Sanctum (HKLM-x32\...\Steam App 91600) (Version: - Coffee Stain Studios)
    Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios)
    Science Girls (HKLM-x32\...\Steam App 269010) (Version: - Spiky Caterpillar)
    Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media)
    Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
    Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden
    SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
    Sequence (HKLM-x32\...\Steam App 200910) (Version: - Iridium Studios)
    Serious Sam HD: The First Encounter (HKLM-x32\...\Steam App 41000) (Version: - Croteam)
    Shadow Warrior Classic Redux (HKLM-x32\...\Steam App 225160) (Version: - 3D Realms)
    Shatter (HKLM-x32\...\Steam App 20820) (Version: - Sidhe)
    Shattered Horizon (HKLM-x32\...\Steam App 18110) (Version: - Futuremark)
    Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version: - Firaxis Games)
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    SimCity 4 (HKLM-x32\...\{611BD998-34B9-4DDA-00AE-0CB4632E86FA}) (Version: - )
    Skype™ 6.14 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.14.104 - Skype Technologies S.A.)
    Sonic Adventure™ 2 (HKLM-x32\...\Steam App 213610) (Version: - SEGA)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)
    Spelunky (HKLM-x32\...\Steam App 239350) (Version: - )
    Splice (HKLM-x32\...\Steam App 209790) (Version: - Cipher Prime Studios)
    Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
    Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
    Stealth Bastard Deluxe (HKLM-x32\...\Steam App 209190) (Version: - Curve Studios)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Strike Suit Infinity (HKLM-x32\...\Steam App 234160) (Version: - Born Ready Games Ltd.)
    Strike Suit Zero (HKLM-x32\...\Steam App 209540) (Version: - Born Ready Games Ltd.)
    Strike Suit Zero: Director's Cut (HKLM-x32\...\Steam App 288370) (Version: - Born Ready Games)
    Strike Vector (HKLM-x32\...\Steam App 246700) (Version: - Ragequit Corporation)
    Super Hexagon (HKLM-x32\...\Steam App 221640) (Version: - Terry Cavanagh)
    Super House of Dead Ninjas (HKLM-x32\...\Steam App 224820) (Version: - Megadev)
    Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - )
    Super Meat Boy Editor (HKLM-x32\...\Steam App 40810) (Version: - )
    Super Monday Night Combat (HKLM-x32\...\Steam App 104700) (Version: - Uber Entertainment)
    Super Sanctum TD (HKLM-x32\...\Steam App 235250) (Version: - Coffee Stain Studios)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Symphony (HKLM-x32\...\Steam App 207750) (Version: - Empty Clip Studios)
    System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
    System Shock 2 (HKLM-x32\...\Steam App 238210) (Version: - Irrational Games)
    TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
    TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    The Binding Of Isaac (HKLM-x32\...\Steam App 113200) (Version: - )
    The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version: - Bethesda Game Studios®)
    The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Game Studios)
    The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version: - Snowblind Studios)
    The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
    Thinking with Time Machine (HKLM-x32\...\Steam App 286080) (Version: - Stridemann)
    Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games)
    Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
    Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
    Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version: - Giant Army)
    Unlocker 1.9.0-x64 (HKLM\...\Unlocker) (Version: 1.9.0-x64 - Cedrick Collomb)
    Unreal Development Kit: 2012-07 (HKLM\...\UDK-495acb14-e0a5-4607-b645-c64dcf1e1b1b) (Version: - Epic Games, Inc.)
    Unreal Development Kit: 2012-10 (HKLM\...\UDK-789e123d-2f93-414a-b973-48a98f77d0d6) (Version: - Epic Games, Inc.)
    Viscera Cleanup Detail (HKLM-x32\...\Steam App 246900) (Version: - RuneStorm)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    VVVVVV (HKLM-x32\...\Steam App 70300) (Version: - Terry Cavanagh)
    Wakfu (HKCU\...\wakfu) (Version: - Ankama Games)
    WARP (HKLM-x32\...\Steam App 102850) (Version: - Trapdoor Inc.)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
    Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
    World of Goo (HKLM-x32\...\Steam App 22000) (Version: - 2D BOY )
    Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version: - Team17 Software Ltd.)
    Yosumin! (HKLM-x32\...\Steam App 23300) (Version: - Square Enix)
    Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)
    Zuma's Revenge (HKLM-x32\...\Steam App 3620) (Version: - PopCap Games, Inc.)
     
  8. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    Addition, cont:

    ==================== Restore Points =========================

    28-06-2014 18:38:27 Windows Update
    29-06-2014 09:42:04 Installed DirectX
    01-07-2014 06:56:27 Windows Live Essentials
    01-07-2014 06:59:21 Installed DirectX
    01-07-2014 06:59:46 Installed DirectX
    01-07-2014 07:00:20 Installed DirectX
    01-07-2014 07:01:29 WLSetup
    02-07-2014 00:41:07 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 19:34 - 2014-06-20 19:24 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {022A814F-5D58-4804-882D-41B84E4911C8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {04961991-A0CF-45C8-A264-0F4A3748D7D3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
    Task: {3FABEEC2-708C-49AD-AE9C-823E0BE79431} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {58938A88-8192-408C-A689-5467677A8642} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] ()
    Task: {5986939D-BC36-43E0-8C80-455B98ACC6C8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {8DB0F8A4-9775-496E-9415-D12AC377610F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-16] (Adobe Systems Incorporated)
    Task: {A753E96D-1F6D-4B32-A6EB-F1AA810ADEE8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {C1CCBD43-05C7-42AF-ACE6-902418BAF2CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18] (Google Inc.)
    Task: {CE1961ED-22F8-4514-829C-A72BA494D8B5} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
    Task: {D033B5AE-8913-4358-B181-94E3A231C0B1} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {E0823C7E-1F4E-4F2D-9226-6F5535E20D0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18] (Google Inc.)
    Task: {E548D9A8-6543-4EB4-9BB4-557A2E3969C6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-01-15 22:59 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
    2014-04-17 22:29 - 2014-04-17 22:29 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-01-13 02:03 - 2011-10-07 12:34 - 00922240 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    2010-12-01 19:15 - 2010-12-01 19:15 - 00915584 ____N () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    2011-11-18 01:13 - 2010-10-21 02:52 - 00586880 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    2013-12-17 23:05 - 2012-01-29 17:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
    2010-04-29 16:40 - 2010-04-29 16:40 - 00013312 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2013-12-17 23:05 - 2012-01-20 15:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
    2014-04-17 22:29 - 2014-04-17 22:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2014-01-13 02:03 - 2014-06-27 15:12 - 00034816 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.14\PEbiosinterface32.dll
    2014-01-13 02:03 - 2011-10-07 12:34 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.14\ATKEX.dll
    2011-11-18 01:13 - 2011-07-12 20:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
    2011-11-18 01:13 - 2010-10-05 09:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
    2011-11-18 01:14 - 2011-02-09 10:02 - 00873472 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
    2011-11-18 01:18 - 2011-03-09 15:55 - 01036800 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
    2011-11-18 01:13 - 2011-08-12 16:48 - 00985088 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
    2011-11-18 01:13 - 2011-07-26 17:16 - 00880128 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
    2011-11-18 01:13 - 2011-07-29 12:44 - 01611776 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
    2011-11-18 01:13 - 2011-08-09 13:15 - 01242624 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
    2011-11-18 01:13 - 2011-07-21 10:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
    2011-11-18 01:13 - 2011-07-21 21:33 - 00885760 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
    2011-11-18 01:12 - 2010-08-22 19:17 - 00662016 ____N () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
    2011-11-18 01:13 - 2010-10-05 09:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
    2011-11-18 01:13 - 2010-06-21 16:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
    2014-05-01 04:10 - 2014-05-30 18:27 - 01116672 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
    2014-03-04 00:06 - 2014-05-30 18:27 - 00438784 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
    2014-05-01 04:10 - 2014-05-30 18:27 - 00399360 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
    2013-12-29 13:35 - 2014-05-30 18:27 - 00331264 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
    2013-08-21 14:18 - 2014-06-26 15:40 - 00764416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2014-05-01 04:10 - 2014-06-26 15:40 - 02139328 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-05-01 04:10 - 2014-04-28 17:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
    2011-11-19 21:10 - 2014-06-26 15:40 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2011-11-19 21:10 - 2014-05-01 16:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2012-03-14 21:24 - 2013-06-14 16:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    2012-03-14 21:24 - 2013-06-14 16:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
    2012-03-14 21:24 - 2013-06-14 16:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
    2014-06-16 18:56 - 2014-06-16 19:20 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
    2012-12-11 20:28 - 2014-06-26 15:40 - 00130752 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
    2011-11-19 21:10 - 2014-05-30 18:27 - 00071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
    2011-11-19 21:10 - 2014-05-30 18:27 - 00153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi
    2014-06-12 15:05 - 2014-06-05 06:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
    2014-06-12 15:05 - 2014-06-05 06:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
    2014-06-12 15:05 - 2014-06-05 06:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
    2014-06-12 15:05 - 2014-06-05 06:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
    2014-06-12 15:05 - 2014-06-05 06:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
    2014-06-12 15:05 - 2014-06-05 06:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Content Manager Assistant for PlayStation(R).lnk => C:\Windows\pss\Content Manager Assistant for PlayStation(R).lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Scot Grusian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Scot Grusian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk => C:\Windows\pss\Trillian.lnk.Startup
    MSCONFIG\startupreg: f.lux => "C:\Users\Scot Grusian\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
    MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Spotify => "C:\Users\Scot Grusian\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Scot Grusian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: uTorrent => "C:\Users\Scot Grusian\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/02/2014 04:03:33 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 03:03:33 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 02:02:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 01:02:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 00:02:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 11:02:18 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 02:11:48 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 01:10:34 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 00:10:34 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/01/2014 11:10:34 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005


    System errors:
    =============
    Error: (07/02/2014 03:59:49 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 02:51:44 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.6.
    The computer with the IP address 10.0.0.2 did not allow the name to be claimed by
    this computer.

    Error: (07/02/2014 02:23:18 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 01:50:46 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 01:03:21 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 00:51:23 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 00:39:26 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 00:15:33 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 00:03:38 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 11:39:46 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.


    Microsoft Office Sessions:
    =========================
    Error: (07/02/2014 04:03:33 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005

    Error: (07/02/2014 03:03:33 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005

    Error: (07/02/2014 02:02:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005

    Error: (07/02/2014 01:02:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005

    Error: (07/02/2014 00:02:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005

    Error: (07/02/2014 11:02:18 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005

    Error: (07/02/2014 02:11:48 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005

    Error: (07/02/2014 01:10:34 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005

    Error: (07/02/2014 00:10:34 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005

    Error: (07/01/2014 11:10:34 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005


    ==================== Memory info ===========================

    Percentage of memory in use: 19%
    Total physical RAM: 16329.21 MB
    Available physical RAM: 13098.58 MB
    Total Pagefile: 32656.61 MB
    Available Pagefile: 27384.51 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:2047.9 GB) (Free:399.83 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: F1F046C8)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=-105906176) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  9. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    The Security log shows that you're still running MSE. You need to disable/uninstall it and activate Windows Defender.
    P2P - I see you have P2P software installed on your machine (µTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
    ***************************************
    Please download AdwCleaner by Xplode onto your Desktop.
    Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.
    If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
    When the AdwCleaner program opens, click on the Scan button as shown below.
    AdwCleaner will now start to search for malicious files that may be installed on your computer.
    To remove the files that were detected in the previous step, please click on the Clean button.
    AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
    Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • It should update automatically if the computer is connected to the internet.
    • Click on Threat Scan and click on Scan Now.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
    • Click on "Quarantine All" You may be asked to Restart your computer to completely remove the infections.
    • When disinfection is completed you can click on "Copy to Clipboard".
    • Paste the log in your next reply (CTRL+V)
    *************************************************
    Please download Junkware Removal Tool to your desktop.
    Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
     
  10. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    I will run the scans, but first I wanted to mention Action Center says I have no antivirus installed now. (uninstalled MSE) But I'm not sure if I need to install more antivirus or if I'm really fine now.
     
  11. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    If your OS is Windows 7 you will need MSE. If it's Windows 8 or 8.1 you will already have Windows Defender protecting your computer.

    Please download MiniToolBox to Desktop and run it.
    Checkmark the following boxes:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • List content of Hosts
    • List IP Configuration
    • List Last 10 Event Viewer Errors
    • List Users, Partitions and Memory Size
    Click Go and copy/paste the log (Result.txt) into your next post.
     
     
  12. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    MiniToolBox by Farbar Version: 25-06-2014
    Ran by Scot Grusian (administrator) on 02-07-2014 at 18:54:48
    Running from "C:\Users\Scot Grusian\Downloads"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    ProxyServer: localhost:21320

    "Reset IE Proxy Settings": IE Proxy Settings were reset.
    ========================= Hosts content: =================================



    There are 15472 more lines starting with "127.0.0.1"

    ========================= IP Configuration: ================================

    Belkin USB Wireless Adaptor = Wireless Network Connection (Connected)
    Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Atlas
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : hsd1.or.comcast.net.

    Wireless LAN adapter Wireless Network Connection:

    Connection-specific DNS Suffix . : hsd1.or.comcast.net.
    Description . . . . . . . . . . . : Belkin USB Wireless Adaptor
    Physical Address. . . . . . . . . : EC-1A-59-B5-83-2B
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2601:7:80:6fb:64d5:888e:c442:98ef(Preferred)
    Temporary IPv6 Address. . . . . . : 2601:7:80:6fb:8da3:51e1:2f38:f13c(Preferred)
    Link-local IPv6 Address . . . . . : fe80::64d5:888e:c442:98ef%12(Preferred)
    IPv4 Address. . . . . . . . . . . : 10.0.0.6(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Friday, June 27, 2014 3:12:08 PM
    Lease Expires . . . . . . . . . . : Wednesday, July 09, 2014 5:11:00 PM
    Default Gateway . . . . . . . . . : fe80::920d:cbff:fe41:7f21%12
    10.0.0.1
    DHCP Server . . . . . . . . . . . : 10.0.0.1
    DHCPv6 IAID . . . . . . . . . . . : 334240345
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-57-C9-B8-14-DA-E9-D7-61-D9
    DNS Servers . . . . . . . . . . . : 2001:558:feed::1
    2001:558:feed::2
    75.75.75.75
    75.75.76.76
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
    Physical Address. . . . . . . . . : 14-DA-E9-D7-61-D9
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Server: cdns01.comcast.net
    Address: 2001:558:feed::1

    Name: google.com
    Addresses: 2607:f8b0:400a:805::1006
    173.194.33.9
    173.194.33.7
    173.194.33.8
    173.194.33.1
    173.194.33.2
    173.194.33.5
    173.194.33.6
    173.194.33.0
    173.194.33.4
    173.194.33.3
    173.194.33.14


    Pinging google.com [2607:f8b0:400a:801::1001] with 32 bytes of data:
    Reply from 2607:f8b0:400a:801::1001: time=17ms
    Reply from 2607:f8b0:400a:801::1001: time=16ms

    Ping statistics for 2607:f8b0:400a:801::1001:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 17ms, Average = 16ms
    Server: cdns01.comcast.net
    Address: 2001:558:feed::1

    Name: yahoo.com
    Addresses: 98.138.253.109
    206.190.36.45
    98.139.183.24


    Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
    Reply from 98.138.253.109: bytes=32 time=84ms TTL=48
    Reply from 98.138.253.109: bytes=32 time=90ms TTL=48

    Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 84ms, Maximum = 90ms, Average = 87ms

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    12...ec 1a 59 b5 83 2b ......Belkin USB Wireless Adaptor
    11...14 da e9 d7 61 d9 ......Realtek PCIe GBE Family Controller
    1...........................Software Loopback Interface 1
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.6 25
    10.0.0.0 255.255.255.0 On-link 10.0.0.6 281
    10.0.0.6 255.255.255.255 On-link 10.0.0.6 281
    10.0.0.255 255.255.255.255 On-link 10.0.0.6 281
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 10.0.0.6 281
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 10.0.0.6 281
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    12 281 ::/0 fe80::920d:cbff:fe41:7f21
    1 306 ::1/128 On-link
    12 33 2601:7:80:6fb::/64 On-link
    12 281 2601:7:80:6fb:64d5:888e:c442:98ef/128
    On-link
    12 281 2601:7:80:6fb:8da3:51e1:2f38:f13c/128
    On-link
    12 281 fe80::/64 On-link
    12 281 fe80::64d5:888e:c442:98ef/128
    On-link
    1 306 ff00::/8 On-link
    12 281 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (07/02/2014 06:52:42 PM) (Source: Application Hang) (User: )
    Description: The program SDScan.exe version 2.4.40.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 98c

    Start Time: 01cf965b42d734c6

    Termination Time: 6

    Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

    Report Id: b5aa917a-0254-11e4-a48a-14dae9d761d9

    Error: (07/02/2014 06:03:34 PM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 05:03:33 PM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 04:03:33 PM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 03:03:33 PM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 02:02:19 PM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 01:02:19 PM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 00:02:19 PM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 11:02:18 AM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/02/2014 02:11:48 AM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005


    System errors:
    =============
    Error: (07/02/2014 06:42:43 PM) (Source: bowser) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 06:05:41 PM) (Source: bowser) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 03:59:49 PM) (Source: bowser) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 02:51:44 PM) (Source: NetBT) (User: )
    Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.6.
    The computer with the IP address 10.0.0.2 did not allow the name to be claimed by
    this computer.

    Error: (07/02/2014 02:23:18 PM) (Source: bowser) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 01:50:46 PM) (Source: bowser) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 01:03:21 PM) (Source: bowser) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 00:51:23 PM) (Source: bowser) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 00:39:26 PM) (Source: bowser) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.

    Error: (07/02/2014 00:15:33 PM) (Source: bowser) (User: )
    Description: The master browser has received a server announcement from the computer FARNSWORTH
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83D8A623-AE5F-4CCD-9E85-7B80D1EF9D94}.
    The master browser is stopping or an election is being forced.


    Microsoft Office Sessions:
    =========================
    Error: (07/02/2014 06:52:42 PM) (Source: Application Hang)(User: )
    Description: SDScan.exe2.4.40.18198c01cf965b42d734c66C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exeb5aa917a-0254-11e4-a48a-14dae9d761d9

    Error: (07/02/2014 06:03:34 PM) (Source: Software Protection Platform Service)(User: )
    Description: 0x80070005

    Error: (07/02/2014 05:03:33 PM) (Source: Software Protection Platform Service)(User: )
    Description: 0x80070005

    Error: (07/02/2014 04:03:33 PM) (Source: Software Protection Platform Service)(User: )
    Description: 0x80070005

    Error: (07/02/2014 03:03:33 PM) (Source: Software Protection Platform Service)(User: )
    Description: 0x80070005

    Error: (07/02/2014 02:02:19 PM) (Source: Software Protection Platform Service)(User: )
    Description: 0x80070005

    Error: (07/02/2014 01:02:19 PM) (Source: Software Protection Platform Service)(User: )
    Description: 0x80070005

    Error: (07/02/2014 00:02:19 PM) (Source: Software Protection Platform Service)(User: )
    Description: 0x80070005

    Error: (07/02/2014 11:02:18 AM) (Source: Software Protection Platform Service)(User: )
    Description: 0x80070005

    Error: (07/02/2014 02:11:48 AM) (Source: Software Protection Platform Service)(User: )
    Description: 0x80070005


    ========================= Memory info: ===================================

    Percentage of memory in use: 23%
    Total physical RAM: 16329.21 MB
    Available physical RAM: 12517.11 MB
    Total Pagefile: 32656.61 MB
    Available Pagefile: 27261.83 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3984.87 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:2047.9 GB) (Free:400.07 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\ATLAS

    Administrator Guest Jscabdattr
    Scot Grusian


    **** End of log ****
     
  13. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    Last time I let someone use my computer without asking, haha.
    Also avoiding certain sites now. I remember CNet always shoving some junkware and unnecessary bits at me, despite unclicking boxes.
     
  14. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    I'm running Win7, and windows defender I don't think has had an issue, but I haven't restarted my PC in some time. Would you like me to do those other scans?
    I reinstalled MSE.
     
  15. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    Going to run ADW, I already have MBAM, which I installed using ninite.com. It's been running a little funny lately, so I think I will uninstall and reinstall using your link.
     
  16. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    Finished the ADW scan, didn't delete the NCH software, because I'm only using 1 program from them, and I use it fairly often. When I find a replacement, I'll run it again, but I don't think it's a malware-infested program.

    # AdwCleaner v3.214 - Report created 02/07/2014 at 20:33:48
    # Updated 29/06/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Scot Grusian - ATLAS
    # Running from : C:\Users\Scot Grusian\Downloads\adwcleaner_3.214.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : Util Mega Browse
    Service Deleted : wStLibG64

    ***** [ Files / Folders ] *****

    [x] Not Deleted : C:\ProgramData\NCH Software
    Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
    [x] Not Deleted : C:\Program Files (x86)\NCH Software
    Folder Deleted : C:\Users\SCOTGR~1\AppData\Local\Temp\OCS
    [x] Not Deleted : C:\Users\Scot Grusian\AppData\Roaming\NCH Software
    Folder Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\oquyjrtc.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    Folder Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\oquyjrtc.default\Extensions\staged\ffxtlbr@mysearchdial.com
    File Deleted : C:\Windows\System32\drivers\wStLibG64.sys
    File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\oquyjrtc.default\user.js
    File Deleted : C:\Users\Scot Grusian\AppData\Roaming\Mozilla\Firefox\Profiles\l71b7tm1.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS
    Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_microsoft-virtual-pc_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_microsoft-virtual-pc_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_second-life_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_second-life_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E0E899AB-F487-11D5-8D29-0050BA6940E3}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\OCS
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\Software\Conduit

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17126


    -\\ Mozilla Firefox v30.0 (en-US)

    [ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\oquyjrtc.default\prefs.js ]

    Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

    [ File : C:\Users\Scot Grusian\AppData\Roaming\Mozilla\Firefox\Profiles\l71b7tm1.default\prefs.js ]

    Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");
    Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");
    Line Deleted : user_pref("extensions.irmysearch.aflt", "ir_14_12_ch");
    Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0E0CtC0AyDzy0ByDzztAtB0Bzzzy0EzytN0D0Tzu0CzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyCyE0B0EyB0EtG0CtDyD0At[...]
    Line Deleted : user_pref("extensions.irmysearch.cr", "1888535898");
    Line Deleted : user_pref("extensions.irmysearch.instlRef", "140305_a");

    -\\ Google Chrome v35.0.1916.153

    [ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_12_ch&cd=2XzuyEtN2Y1L1Qzu0E0CtC0AyDzy0ByDzztAtB0Bzzzy0EzytN0D0Tzu0CzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyCyE0B0EyB0EtG0CtDyD0AtG0E0B0DyBtGtAyDyD0CtGtB0CtB0AyDzyzyyDyDyByCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzztBtC0D0Dzy0CtGyB0F0AtAtGyCyDyCtAtG0CtD0CyBtGyCyByEyB0D0FyCtCyEyDyDyE2Q&cr=1888535898&ir=

    [ File : C:\Users\Jscabdattr\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_12_ch&cd=2XzuyEtN2Y1L1Qzu0E0CtC0AyDzy0ByDzztAtB0Bzzzy0EzytN0D0Tzu0CzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyCyE0B0EyB0EtG0CtDyD0AtG0E0B0DyBtGtAyDyD0CtGtB0CtB0AyDzyzyyDyDyByCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzztBtC0D0Dzy0CtGyB0F0AtAtGyCyDyCtAtG0CtD0CyBtGyCyByEyB0D0FyCtCyEyDyDyE2Q&cr=1888535898&ir=

    [ File : C:\Users\Scot Grusian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ch&cd=2XzuyEtN2Y1L1Qzu0E0CtC0AyDzy0ByDzztAtB0Bzzzy0EzytN0D0Tzu0CzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyCyE0B0EyB0EtG0CtDyD0AtG0E0B0DyBtGtAyDyD0CtGtB0CtB0AyDzyzyyDyDyByCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzztBtC0D0Dzy0CtGyB0F0AtAtGyCyDyCtAtG0CtD0CyBtGyCyByEyB0D0FyCtCyEyDyDyE2Q&cr=1888535898&ir=
    Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

    *************************

    AdwCleaner[R0].txt - [7927 octets] - [02/07/2014 19:29:10]
    AdwCleaner[S0].txt - [7811 octets] - [02/07/2014 20:33:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7871 octets] ##########
     
  17. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/2/2014
    Scan Time: 9:28:35 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.02.08
    Rootkit Database: v2014.02.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Scot Grusian

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 359966
    Time Elapsed: 14 min, 11 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 2
    PUP.Optional.Extutil.A, C:\Users\Scot Grusian\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [d3aa75692e4c47ef4f139916659d60a0],
    PUP.Optional.Managera.A, C:\Users\Scot Grusian\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [e598aa348feb54e2b8abe4cb3bc7e818],

    Files: 1
    Riskware.Crk, C:\Users\Scot Grusian\Documents\Keymaker MAZE.rar, Quarantined, [b3ca6e70e09a3cfa3d1f6fa8fc06b050],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  18. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    Completed JRT:


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.3 (03.23.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Scot Grusian on Wed 07/02/2014 at 21:57:39.17
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values




    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Scot Grusian\AppData\Roaming\mozilla\firefox\profiles\l71b7tm1.default\minidumps [21 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 07/02/2014 at 22:00:09.84
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    It removed a module and rebooted, and nothing else was found.
     
  19. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    Though I should say Spybot S&D (2) was set as a startup program, so I'm not sure if that might have conflicted.
     
  20. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Spybot is an obsolete program. I uninstalled mine a long time ago.
    Please give me an update on how your computer is working now?
     
  21. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    Oh, I stopped using the previous version of SpyBot. I'm using S&D 2.0.1 I think? (has frequent updates) Is that one fine, or still obsolete?

    Seems to be working alright. When I come back from sleep the mouse is a little sluggish, and sometimes slows down it feels like, but I could be nit-picking.

    Seems to be alright, but the internet speed is still slow. That might be our wireless-modem, but I was hoping to make sure my connection to it was secure.

    Overall, things seem fine, is there anything else I should scan for?
     
  22. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    Should I be posting on a forum about internet speeds and networking? I wanted to cover my bases and make sure my computer was secure before assuming Comcast is throttling me.
     
  23. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    I wasn't aware that they came out with a new version. I'll have to check it out.
    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
     
  24. Scot G. Russian

    Scot G. Russian TS Rookie Topic Starter Posts: 76

    RogueKiller looks like it ran just fine. It only found results in the registry and Web Browsers tabs.

    RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Scot Grusian [Admin rights]
    Mode : Scan -- Date : 07/03/2014 20:17:45

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 14 ¤¤¤
    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2772686979-1836086579-1152052998-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2772686979-1836086579-1152052998-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2772686979-1836086579-1152052998-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2772686979-1836086579-1152052998-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
    [PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-2772686979-1836086579-1152052998-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND
    [PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-2772686979-1836086579-1152052998-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2772686979-1836086579-1152052998-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2772686979-1836086579-1152052998-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HDS5C3030ALA630 SCSI Disk Device +++++
    --- User ---
    [MBR] 9b164d0200bbdb18dbbd3dfd77b35e95
    [BSP] 207f5bddefc082619bebdc8c26529f8d : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 2097051 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([1] Incorrect function. )
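
The registry section of a report like the one above can be triaged mechanically. The following is an added example, not part of the original post and not RogueKiller's own code: it parses lines in that format, merges the X64 and X86 views of the same value, and separates policy values whose data actually restricts something from values that are merely present. The sample lines are constructed (placeholder SID), and the `EFFECTIVE` table and function names are this example's own assumptions.

```python
import re

# Constructed sample in the report's line format; the SID is a placeholder.
SAMPLE = r"""
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
"""

LINE = re.compile(
    r"^\s*\[(?P<cat>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>.+?)\s+:\s+(?P<data>\S+)\s+->\s+(?P<status>\w+)\s*$")

# Data values that actually change behaviour (assumed triage table, not RogueKiller's).
EFFECTIVE = {
    "enablelua": ({"0"}, "UAC is turned off"),
    "disabletaskmgr": ({"1"}, "Task Manager is blocked"),
    "disableregistrytools": ({"1", "2"}, "registry editing is blocked"),
    "nochangingwallpaper": ({"1"}, "wallpaper changes are blocked"),
}

def parse_report(text):
    """Return one dict per registry line; every other report line is skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def triage(text):
    """Merge the X64/X86 views of the same value and attach a verdict to each."""
    merged = {}
    for e in parse_report(text):
        ident = (e["key"].lower(), e["name"].lower(), e["data"])
        merged.setdefault(ident, {**e, "views": set()})["views"].add(e["view"])
    findings = []
    for item in merged.values():
        rule = EFFECTIVE.get(item["name"].lower())
        if rule is None:
            verdict = "unclassified"
        elif item["data"] in rule[0]:
            verdict = "active: " + rule[1]
        else:
            verdict = "present but inert"
        findings.append({"key": item["key"], "name": item["name"], "data": item["data"],
                         "views": sorted(item["views"]), "verdict": verdict})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{'/'.join(f['views']):8} {f['name']} = {f['data']}: {f['verdict']}")
```
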
     
  25. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    I'd like to scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
    • Click the [IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [IMG] icon on your desktop.
    • Check [IMG]
    • Click the [IMG] button.
    • Accept any security warnings from your browser.
    • Leave the check mark next to Remove found threats.
    • Check [IMG]
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [IMG]
    • Push [IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [IMG] button.
    • Push [IMG]
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
     

