TechSpot

Slow, crashing, unresponsive pc (possible virus)

Solved
By Classified1
Jun 12, 2013
  1. I will provide a brief description of what is going on. This pc I am working on has been frequently slowed down, crashed several programs a few times, and encountered a blue screen once when attempting to start windows. After a few tries trying to log in, I managed to quickly download malwarebytes and the other program you requested and found 15 types of malware on the pc. I am still uncertain that the job is finished because of the blue screen and the interaction of the files with the core window components. Here are the logs below.
    Thanks in advance, you guys have helped me before. :)



    MALWARE BYTES LOG

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.12.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16576
    Zach :: ZACH-MSI [administrator]

    6/12/2013 2:50:01 PM
    mbam-log-2013-06-12 (14-50-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 264437
    Time elapsed: 3 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 10
    HKCR\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCR\BrowserConnection.Loader.1 (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCR\BrowserConnection.Loader (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Data: Search-Results Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Data: -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll (PUP.Datamngr) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (PUP.Datamngr) -> Quarantined and deleted successfully.
    C:\Users\Zach\Downloads\FlashPlayer_V.146346413c.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.

    (end)


    DDS LOG


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.17.2
    Run by Zach at 15:11:15 on 2013-06-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.5525 [GMT -4:00]
    .
    AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\windows\system32\nvvsvc.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\S-Bar\MSIService.exe
    C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\rundll32.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
    C:\Program Files (x86)\S-Bar\S-Bar.exe
    C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
    C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
    C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\System32\WUDFHost.exe
    C:\Users\Zach\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Zach\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Zach\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Zach\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    C:\ProgramData\FLEXnet\Connect\11\agent.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.searchnu.com/406
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: RewardsArcadeSuite: {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    uRun: [Google Update] "C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [S-Bar] C:\Program Files (x86)\S-Bar\S-Bar.exe
    mRun: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
    mRun: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
    mRun: [UpdReg] C:\windows\UpdReg.EXE
    mRun: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MARKET~1.LNK - C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: mypestpac.com
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{FD69B12D-82EE-469A-ADCF-49C7C5815F4E} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{FD69B12D-82EE-469A-ADCF-49C7C5815F4E}\6434B49313 : DHCPNameServer = 192.168.1.1 71.242.0.12
    TCP: Interfaces\{FD69B12D-82EE-469A-ADCF-49C7C5815F4E}\84F647D23507F647D207279667164756 : DHCPNameServer = 8.8.8.8 8.8.4.4
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll C:\windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [THXCfg64] C:\windows\System32\RunDLL32.exe C:\windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
    x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
    x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\83i7ck5f.default\
    FF - prefs.js: browser.search.selectedEngine - Search Results
    FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=343&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5076530253494149&o=APN10645&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
    FF - component: C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\Bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Zach\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
    FF - ExtSQL: !HIDDEN! 2013-01-26 12:24; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-2-8 311096]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
    R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-3-12 25960]
    R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
    R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-4-10 1428472]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-12 13336]
    R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2011-3-4 160768]
    R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-16 12800]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [?]
    R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-12-6 1248256]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-9 378472]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-12 2656280]
    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-3-11 129024]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-3-11 317440]
    R3 MBfilt;MBfilt;C:\windows\System32\drivers\MBfilt64.sys [2011-3-12 32344]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-3-12 412264]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 mr8980;Digital Wireless Camera;C:\windows\System32\drivers\dwcamx64.sys [2010-5-11 84992]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUVStor.sys [2011-3-12 307304]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-5 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-06-04 00:21:24--------d-----w-C:\Program Files (x86)\MyPC Backup
    2013-06-04 00:17:56--------d-----w-C:\Users\Zach\AppData\Roaming\Systweak
    2013-06-04 00:15:46--------d-----w-C:\Program Files (x86)\SearchProtect
    2013-06-04 00:15:44--------d-----w-C:\Users\Zach\AppData\Roaming\SearchProtect
    2013-06-04 00:15:36--------d-----w-C:\Program Files (x86)\FLV_Runner_B2
    2013-05-30 16:30:42737072----a-w-C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2013-05-30 16:30:282876528----a-w-C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2013-05-30 16:30:1542776----a-w-C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2013-05-28 03:34:03--------d--h--w-C:\windows\AxInstSV
    2013-05-16 00:18:25--------d-----w-C:\Users\Zach\AppData\Roaming\Malwarebytes
    2013-05-16 00:18:14--------d-----w-C:\ProgramData\Malwarebytes
    2013-05-16 00:18:1225928----a-w-C:\windows\System32\drivers\mbam.sys
    2013-05-16 00:18:12--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-16 00:18:03--------d-----w-C:\Users\Zach\AppData\Local\Programs
    .
    ==================== Find3M ====================
    .
    2013-06-12 18:46:1971048----a-w-C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 18:46:19692104----a-w-C:\windows\SysWow64\FlashPlayerApp.exe
    2013-05-02 14:22:042274480----a-w-C:\windows\System32\coin94.dll
    2013-04-15 00:07:1295648----a-w-C:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-15 00:07:09861088----a-w-C:\windows\SysWow64\npDeployJava1.dll
    2013-04-15 00:07:09782240----a-w-C:\windows\SysWow64\deployJava1.dll
    2013-04-13 05:49:23135168----a-w-C:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19350208----a-w-C:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19308736----a-w-C:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19111104----a-w-C:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16474624----a-w-C:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:152176512----a-w-C:\windows\apppatch\AcGenral.dll
    2013-04-12 14:45:081656680----a-w-C:\windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54265064----a-w-C:\windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53983400----a-w-C:\windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:503153920----a-w-C:\windows\System32\win32k.sys
    2013-04-05 06:52:142242048----a-w-C:\windows\System32\wininet.dll
    2013-04-05 06:50:363958784----a-w-C:\windows\System32\jscript9.dll
    2013-04-05 06:50:3167072----a-w-C:\windows\System32\iesetup.dll
    2013-04-05 06:50:31136704----a-w-C:\windows\System32\iesysprep.dll
    2013-04-05 05:28:241767424----a-w-C:\windows\SysWow64\wininet.dll
    2013-04-05 05:26:262877440----a-w-C:\windows\SysWow64\jscript9.dll
    2013-04-05 05:26:2161440----a-w-C:\windows\SysWow64\iesetup.dll
    2013-04-05 05:26:21109056----a-w-C:\windows\SysWow64\iesysprep.dll
    2013-04-05 04:43:002706432----a-w-C:\windows\System32\mshtml.tlb
    2013-04-05 04:29:452706432----a-w-C:\windows\SysWow64\mshtml.tlb
    2013-04-05 03:51:1189600----a-w-C:\windows\System32\RegisterIEPKEYs.exe
    2013-04-05 03:38:2571680----a-w-C:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-03-29 06:53:48246072----a-w-C:\windows\System32\drivers\avgidsdrivera.sys
    2013-03-21 07:08:24240952----a-w-C:\windows\System32\drivers\avgtdia.sys
    2013-03-19 06:04:065550424----a-w-C:\windows\System32\ntoskrnl.exe
    2013-03-19 05:53:5848640----a-w-C:\windows\System32\wwanprotdim.dll
    2013-03-19 05:53:58230400----a-w-C:\windows\System32\wwansvc.dll
    2013-03-19 05:46:5643520----a-w-C:\windows\System32\csrsrv.dll
    2013-03-19 05:04:133968856----a-w-C:\windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04:103913560----a-w-C:\windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47:506656----a-w-C:\windows\SysWow64\apisetschema.dll
    2013-03-19 03:06:33112640----a-w-C:\windows\System32\smss.exe
    .
    ============= FINISH: 15:11:42.00 ===============

    The attach file from the DDS scan is attached as told
    If I am missing anything please advise me.
     

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    [​IMG] You've been to this forum before so you should know that ALL logs have to be pasted not attached.
    I expect pasted Attach.txt log in your next reply.

    [​IMG] Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

    ===========================================================
    Note: <<<< - very important - please do this step:
    If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
    Internet access
    Windows Update
    Windows Firewall
    (if used)
    If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit located in the mbar\plugins folder and reboot.
    Verify that your system is now functioning normally.
     
  3. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    Apologies, the popup from the dds scanner informed me to attach it to the post. Here it is below.


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/4/2012 3:43:59 PM
    System Uptime: 6/12/2013 2:59:04 PM (1 hours ago)
    .
    Motherboard: Micro-Star International Co., Ltd. | | MS-16G5
    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | SOCKET 0 | 2001/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 352 GiB total, 275.843 GiB free.
    D: is FIXED (NTFS) - 235 GiB total, 234.432 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP93: 5/15/2013 10:23:50 PM - Windows Update
    RP94: 5/24/2013 1:12:17 PM - Scheduled Checkpoint
    RP95: 6/1/2013 8:18:26 AM - Scheduled Checkpoint
    RP96: 6/12/2013 11:25:43 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.7)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Client Installation Program
    AVG 2013
    Battery Calibration
    Bing Bar
    Bonjour
    BurnRecovery
    Cinema ProII Setup
    Clean Water Action TriMini Reminder by We-Care.com v5.0.2.2
    Compatibility Pack for the 2007 Office system
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    Control ActiveX de Windows Live Mesh para conexiones remotas
    D3DX10
    Digital Wireless Camera
    EasyFace2
    EasyViewer
    ETDWare PS/2-x64 7.0.5.15_WHQL
    Every Landlord's Legal Guide
    Freeze.com NetAssistant
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    GIMP
    Google Chrome
    HP Officejet Pro 8500 A910 Basic Device Software
    HP Officejet Pro 8500 A910 Help
    HP Officejet Pro 8500 A910 Product Improvement Study
    HP Update
    I-Charger
    I.R.I.S. OCR
    iLivid
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    iTunes
    Java 7 Update 17
    Java Auto Updater
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.75.0.1300
    Marketsplash Print Software
    Marketsplash Shortcuts
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft MapPoint North America 2010
    Microsoft Office 2003 Primary Interop Assemblies
    Microsoft Office 2007 Help Tab
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable Package
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Works 6-9 Converter
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSI HOUSE
    msi Software Install
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    myTV
    NetAssistant
    Norton Online Backup
    Nuance PDF Reader
    NVIDIA 3D Vision Driver 267.04
    NVIDIA Control Panel 267.04
    NVIDIA Graphics Driver 267.04
    NVIDIA Install Application
    NVIDIA Optimus 1.0.21
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update Components
    QuickBooks
    QuickBooks Pro 2012
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Reader Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    RewardsArcadeSuite
    S-Bar
    Search-Results Toolbar
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skype™ 6.3
    SpeedyPC Pro
    Stone Giant 1.0
    SupportSoft Assisted Service
    THX TruStudio Pro
    Torch
    Uniden Surveillance System 5.0.0.302
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio 2010 x64 Redistributables
    Windows Driver Package - OEM (mr8980) Image (05/10/2010 1.0.0.0)
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/8/2013 11:31:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.
    6/8/2013 10:26:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
    6/8/2013 10:26:15 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/7/2013 8:31:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
    6/7/2013 8:31:01 AM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/5/2013 10:47:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton Online Backup service to connect.
    6/5/2013 10:47:34 AM, Error: Service Control Manager [7000] - The Norton Online Backup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/12/2013 8:53:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
    6/12/2013 8:53:10 AM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/12/2013 3:01:20 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/12/2013 3:00:56 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Failed to start language pack setup wizard. Please restart the system and try running the wizard again.
    6/12/2013 3:00:40 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/12/2013 2:58:38 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    6/12/2013 2:16:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800b339060, 0xfffffa800b339340, 0xfffff8000378a350). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 061213-40809-01.
    6/12/2013 12:20:11 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    6/12/2013 12:13:47 PM, Error: Service Control Manager [7024] - The AVG Firewall service terminated with service-specific error %%-536805289.
    6/12/2013 12:03:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2836502).
    6/12/2013 12:03:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2834140).
    6/12/2013 12:03:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2813430).
    6/12/2013 12:03:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2808679).
    6/12/2013 12:03:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2845690).
    6/12/2013 12:03:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2839894).
    6/12/2013 12:03:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 (KB2838727).
    .
    ==== End Of File ===========================

    I will do the instructions you left me in the post above shortly after this post.
     
  4. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    Quick Update
    I have done the rogue scan and here is the report below.




    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Zach [Admin rights]
    Mode : Scan -- Date : 06/13/2013 11:03:03
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS547564A9E384 +++++
    --- User ---
    [MBR] b80f387e9c974edd9c42318ac7318c27
    [BSP] 24b47894f27a221d53c4d44a7e134fef : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10002 Mo
    1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 20486144 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20690944 | Size: 360219 Mo
    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 758419916 | Size: 240157 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_06132013_02d1103.txt >>
    RKreport[1]_S_06132013_02d1103.txt

    IMPORTANT!
    I have made the restore point before doing the anti-rootkit scan, but after I made the restoration point I opened the malwarebyte program and during its prescan, it said something along the lines of applnit has been found, rootkit activity possible.

    It gave me a choice of either to solve it (yes) or if I am unsure (no). So I selected no to see what you want me to do.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    That's exactly what the tools says. You did fine by selecting "No" at first.
    Go ahead and run MBAR.
     
  6. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    So next time shall I press yes? Or shall I press no and continue on?
     
  7. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    For now press "No" and continue.
     
  8. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    I've finished scanning the computer twice, it said for both times no cleanup is required because of no malware.
    I have two mbar logs though and one system log so I will post them all below.


    FIRST MBAR LOG

    Malwarebytes Anti-Rootkit BETA 1.06.0.1003
    www.malwarebytes.org

    Database version: v2013.05.07.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16614
    Zach :: ZACH-MSI [administrator]

    6/14/2013 11:03:02 AM
    mbar-log-2013-06-14 (11-03-02).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: Deep Anti-Rootkit Scan | PUP
    Objects scanned: 297892
    Time elapsed: 44 minute(s), 48 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    SECOND MBAR LOG


    Malwarebytes Anti-Rootkit BETA 1.06.0.1003
    www.malwarebytes.org

    Database version: v2013.06.15.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16618
    Zach :: ZACH-MSI [administrator]

    6/15/2013 11:23:13 AM
    mbar-log-2013-06-15 (11-23-13).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: Deep Anti-Rootkit Scan | PUP
    Objects scanned: 293747
    Time elapsed: 52 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    SYSTEM LOG


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16614

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 8492834816, free: 5818810368

    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16614

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 8492834816, free: 5626724352

    Initializing...
    ------------ Kernel report ------------
    06/14/2013 11:02:58
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\compbatt.sys
    \SystemRoot\system32\drivers\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\system32\DRIVERS\nvpciflt.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\avgrkx64.sys
    \SystemRoot\system32\DRIVERS\avgloga.sys
    \SystemRoot\system32\DRIVERS\avgmfx64.sys
    \SystemRoot\system32\DRIVERS\avgidsha.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\avgfwd6a.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\avgtdia.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\drivers\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avgldx64.sys
    \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\Drivers\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\system32\drivers\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\drivers\nusb3xhc.sys
    \SystemRoot\system32\drivers\USBD.SYS
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\ETD.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\drivers\intelppm.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\serscan.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\drivers\nusb3hub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\MBfilt64.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\windows\system32\drivers\mbamchameleon.sys
    \??\C:\windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800773e790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa80074ed050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Device number: 0, partition: 3
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800773e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800773e2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800773e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80074ed050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 3
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 3
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B5E80B87

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 20484096

    Partition 1 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 20486144 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 20690944 Numsec = 737728972

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 758419916 Numsec = 491841764

    Disk Size: 640135028736 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
    Done!
    Read File: File "c:\programdata\avg2013\chjw\569af4f49af4d18b.dat:fd848a13-6787-4a53-9673-745bd601584d" is sparse (flags = 32768)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_20486144_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16618

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 8492834816, free: 5325692928

    Downloaded database version: v2013.06.15.04
    Downloaded database version: v2013.05.22.01
    Initializing...
    ------------ Kernel report ------------
    06/15/2013 11:23:02
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\compbatt.sys
    \SystemRoot\system32\drivers\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\system32\DRIVERS\nvpciflt.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\avgrkx64.sys
    \SystemRoot\system32\DRIVERS\avgloga.sys
    \SystemRoot\system32\DRIVERS\avgmfx64.sys
    \SystemRoot\system32\DRIVERS\avgidsha.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\avgfwd6a.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\avgtdia.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\drivers\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avgldx64.sys
    \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\Drivers\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\system32\drivers\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\drivers\nusb3xhc.sys
    \SystemRoot\system32\drivers\USBD.SYS
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\ETD.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\drivers\intelppm.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\serscan.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\drivers\nusb3hub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\MBfilt64.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\windows\system32\drivers\mbamchameleon.sys
    \??\C:\windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800938e790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa800818e050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Device number: 0, partition: 3
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800938e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800938e2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800938e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800818e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 3
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 3
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B5E80B87

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 20484096

    Partition 1 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 20486144 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 20690944 Numsec = 737728972

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 758419916 Numsec = 491841764

    Disk Size: 640135028736 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
    Done!
    Read File: File "c:\programdata\avg2013\chjw\569af4f49af4d18b.dat:fd848a13-6787-4a53-9673-745bd601584d" is sparse (flags = 32768)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_20486144_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

    Removal finished
     
  9. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    Forgot to mention, firewall and windows update work fine, but for some reason the wireless internet adapter for this laptop had a little trouble connecting to the internet. I troubleshooted it and the problem was said to be resolved.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    [​IMG] Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  11. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    I ran combofix and everything went fine, here is the log below.



    ComboFix 13-06-17.01 - Zach 06/17/2013 12:30:07.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.6104 [GMT -4:00]
    Running from: c:\users\Zach\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Zach\g2mdlhlpx.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-05-17 to 2013-06-17 )))))))))))))))))))))))))))))))
    .
    .
    2013-06-17 16:41 . 2013-06-17 16:41--------d-----w-c:\users\zach2\AppData\Local\temp
    2013-06-17 16:41 . 2013-06-17 16:41--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
    2013-06-17 16:41 . 2013-06-17 16:41--------d-----w-c:\users\Default\AppData\Local\temp
    2013-06-16 12:04 . 2013-06-16 12:08--------d-----w-c:\users\zach2\AppData\Local\Google
    2013-06-16 12:04 . 2013-06-16 12:07--------d-----w-c:\users\zach2\AppData\Local\Deployment
    2013-06-16 12:04 . 2013-06-16 12:04--------d-----w-c:\users\zach2\AppData\Local\Apps
    2013-06-15 16:27 . 2008-07-12 12:18467984----a-w-c:\windows\SysWow64\d3dx10_39.dll
    2013-06-15 16:27 . 2008-07-12 12:181493528----a-w-c:\windows\SysWow64\D3DCompiler_39.dll
    2013-06-15 16:27 . 2008-07-12 12:183851784----a-w-c:\windows\SysWow64\D3DX9_39.dll
    2013-06-15 16:26 . 2013-06-15 16:26--------d-----w-C:\Riot Games
    2013-06-15 16:21 . 2013-06-15 16:21--------d-----w-c:\program files (x86)\Pando Networks
    2013-06-15 16:21 . 2013-06-15 16:21--------d-----w-c:\users\Zach\AppData\Roaming\Riot Games
    2013-06-14 15:02 . 2013-06-15 16:16--------d-----w-c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-06-12 16:32 . 2013-06-12 16:32--------d-----w-c:\users\zach2\AppData\Local\Diagnostics
    2013-06-12 16:11 . 2013-05-08 06:391910632----a-w-c:\windows\system32\drivers\tcpip.sys
    2013-06-12 16:11 . 2013-04-26 05:51751104----a-w-c:\windows\system32\win32spl.dll
    2013-06-12 16:11 . 2013-04-26 04:55492544----a-w-c:\windows\SysWow64\win32spl.dll
    2013-06-12 16:11 . 2013-05-10 05:4930720----a-w-c:\windows\system32\cryptdlg.dll
    2013-06-12 16:11 . 2013-05-10 03:2024576----a-w-c:\windows\SysWow64\cryptdlg.dll
    2013-06-12 16:11 . 2013-04-17 06:241424384----a-w-c:\windows\system32\WindowsCodecs.dll
    2013-06-12 16:11 . 2013-04-17 07:021230336----a-w-c:\windows\SysWow64\WindowsCodecs.dll
    2013-06-12 16:09 . 2013-05-13 05:51184320----a-w-c:\windows\system32\cryptsvc.dll
    2013-06-12 16:09 . 2013-05-13 05:511464320----a-w-c:\windows\system32\crypt32.dll
    2013-06-12 16:09 . 2013-05-13 05:51139776----a-w-c:\windows\system32\cryptnet.dll
    2013-06-12 16:09 . 2013-05-13 05:5052224----a-w-c:\windows\system32\certenc.dll
    2013-06-12 16:09 . 2013-05-13 04:45140288----a-w-c:\windows\SysWow64\cryptsvc.dll
    2013-06-12 16:09 . 2013-05-13 04:451160192----a-w-c:\windows\SysWow64\crypt32.dll
    2013-06-12 16:09 . 2013-05-13 04:45103936----a-w-c:\windows\SysWow64\cryptnet.dll
    2013-06-12 16:09 . 2013-05-13 03:431192448----a-w-c:\windows\system32\certutil.exe
    2013-06-12 16:09 . 2013-05-13 03:08903168----a-w-c:\windows\SysWow64\certutil.exe
    2013-06-12 16:09 . 2013-05-13 03:0843008----a-w-c:\windows\SysWow64\certenc.dll
    2013-06-12 16:09 . 2013-04-25 23:301505280----a-w-c:\windows\SysWow64\d3d11.dll
    2013-06-12 16:09 . 2013-03-31 22:521887232----a-w-c:\windows\system32\d3d11.dll
    2013-06-06 18:34 . 2013-06-06 18:34--------d-----w-c:\users\zach2\AppData\Local\Microsoft Games
    2013-06-06 17:14 . 2013-06-06 17:14--------d-----w-c:\users\zach2\AppData\Roaming\SearchProtect
    2013-06-04 00:21 . 2013-06-12 19:44--------d-----w-c:\program files (x86)\MyPC Backup
    2013-06-04 00:17 . 2013-06-05 16:21--------d-----w-c:\users\Zach\AppData\Roaming\Systweak
    2013-06-04 00:15 . 2013-06-12 19:44--------d-----w-c:\program files (x86)\SearchProtect
    2013-06-04 00:15 . 2013-06-04 10:21--------d-----w-c:\users\Zach\AppData\Roaming\SearchProtect
    2013-06-04 00:15 . 2013-06-12 19:44--------d-----w-c:\program files (x86)\FLV_Runner_B2
    2013-05-30 16:30 . 2013-05-30 16:30737072----a-w-c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2013-05-30 16:30 . 2013-05-30 16:302876528----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2013-05-30 16:30 . 2013-05-30 16:3042776----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2013-05-28 03:34 . 2013-05-28 03:34--------d--h--w-c:\windows\AxInstSV
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-12 18:46 . 2012-04-02 11:16692104----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2013-06-12 18:46 . 2012-02-05 18:0271048----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-30 16:30 . 2013-04-29 19:20539984----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2013-05-02 14:22 . 2013-05-02 14:222274480----a-w-c:\windows\system32\coin94.dll
    2013-05-02 10:33 . 2010-06-24 19:3322240----a-w-c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-04-30 19:14 . 2013-04-30 19:14539984----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-04-28 18:13 . 2013-04-28 18:13737072----a-w-c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2013-04-28 18:13 . 2013-04-28 18:132876528----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2013-04-28 18:13 . 2013-04-28 18:1342776----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2013-04-15 00:07 . 2013-04-15 00:0795648----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-15 00:07 . 2013-04-15 00:07782240----a-w-c:\windows\SysWow64\deployJava1.dll
    2013-04-15 00:07 . 2013-04-15 00:07861088----a-w-c:\windows\SysWow64\npDeployJava1.dll
    2013-04-13 05:49 . 2013-05-15 09:55135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-15 09:55308736----a-w-c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-15 09:55350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-15 09:55111104----a-w-c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-15 09:55474624----a-w-c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-15 09:552176512----a-w-c:\windows\apppatch\AcGenral.dll
    2013-04-12 14:45 . 2013-04-28 02:051656680----a-w-c:\windows\system32\drivers\ntfs.sys
    2013-04-10 06:01 . 2013-05-15 09:55265064----a-w-c:\windows\system32\drivers\dxgmms1.sys
    2013-04-10 06:01 . 2013-05-15 09:55983400----a-w-c:\windows\system32\drivers\dxgkrnl.sys
    2013-04-10 03:30 . 2013-05-15 09:553153920----a-w-c:\windows\system32\win32k.sys
    2013-04-04 18:50 . 2013-05-16 00:1825928----a-w-c:\windows\system32\drivers\mbam.sys
    2013-03-29 06:53 . 2013-03-29 06:53246072----a-w-c:\windows\system32\drivers\avgidsdrivera.sys
    2013-03-21 07:08 . 2013-03-21 07:08240952----a-w-c:\windows\system32\drivers\avgtdia.sys
    2013-03-19 19:53 . 2013-03-19 19:53226304----a-w-c:\windows\system32\elshyph.dll
    2013-03-19 19:53 . 2013-03-19 19:53185344----a-w-c:\windows\SysWow64\elshyph.dll
    2013-03-19 19:53 . 2013-03-19 19:53158720----a-w-c:\windows\SysWow64\msls31.dll
    2013-03-19 19:53 . 2013-03-19 19:531054720----a-w-c:\windows\system32\MsSpellCheckingFacility.exe
    2013-03-19 19:53 . 2013-03-19 19:53719360----a-w-c:\windows\SysWow64\mshtmlmedia.dll
    2013-03-19 19:53 . 2013-03-19 19:53523264----a-w-c:\windows\SysWow64\vbscript.dll
    2013-03-19 19:53 . 2013-03-19 19:53150528----a-w-c:\windows\SysWow64\iexpress.exe
    2013-03-19 19:53 . 2013-03-19 19:53138752----a-w-c:\windows\SysWow64\wextract.exe
    2013-03-19 19:53 . 2013-03-19 19:53137216----a-w-c:\windows\SysWow64\ieUnatt.exe
    2013-03-19 19:53 . 2013-03-19 19:5373728----a-w-c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-03-19 19:53 . 2013-03-19 19:5348640----a-w-c:\windows\SysWow64\mshtmler.dll
    2013-03-19 19:53 . 2013-03-19 19:5338400----a-w-c:\windows\SysWow64\imgutil.dll
    2013-03-19 19:53 . 2013-03-19 19:5312800----a-w-c:\windows\SysWow64\mshta.exe
    2013-03-19 19:53 . 2013-03-19 19:53110592----a-w-c:\windows\SysWow64\IEAdvpack.dll
    2013-03-19 19:53 . 2013-03-19 19:5361952----a-w-c:\windows\SysWow64\tdc.ocx
    2013-03-19 19:53 . 2013-03-19 19:53361984----a-w-c:\windows\SysWow64\html.iec
    2013-03-19 19:53 . 2013-03-19 19:5323040----a-w-c:\windows\SysWow64\licmgr10.dll
    2013-03-19 19:53 . 2013-03-19 19:53197120----a-w-c:\windows\system32\msrating.dll
    2013-03-19 19:53 . 2013-03-19 19:531441280----a-w-c:\windows\SysWow64\inetcpl.cpl
    2013-03-19 19:53 . 2013-03-19 19:5381408----a-w-c:\windows\system32\icardie.dll
    2013-03-19 19:53 . 2013-03-19 19:53762368----a-w-c:\windows\system32\ieapfltr.dll
    2013-03-19 19:53 . 2013-03-19 19:53452096----a-w-c:\windows\system32\dxtmsft.dll
    2013-03-19 19:53 . 2013-03-19 19:53441856----a-w-c:\windows\system32\html.iec
    2013-03-19 19:53 . 2013-03-19 19:53281600----a-w-c:\windows\system32\dxtrans.dll
    2013-03-19 19:53 . 2013-03-19 19:53216064----a-w-c:\windows\system32\msls31.dll
    2013-03-19 19:53 . 2013-03-19 19:531400416----a-w-c:\windows\system32\ieapfltr.dat
    2013-03-19 19:53 . 2013-03-19 19:5397280----a-w-c:\windows\system32\mshtmled.dll
    2013-03-19 19:53 . 2013-03-19 19:53905728----a-w-c:\windows\system32\mshtmlmedia.dll
    2013-03-19 19:53 . 2013-03-19 19:53599552----a-w-c:\windows\system32\vbscript.dll
    2013-03-19 19:53 . 2013-03-19 19:5327648----a-w-c:\windows\system32\licmgr10.dll
    2013-03-19 19:53 . 2013-03-19 19:53270848----a-w-c:\windows\system32\iedkcs32.dll
    2013-03-19 19:53 . 2013-03-19 19:53247296----a-w-c:\windows\system32\webcheck.dll
    2013-03-19 19:53 . 2013-03-19 19:53235008----a-w-c:\windows\system32\url.dll
    2013-03-19 19:53 . 2013-03-19 19:53173568----a-w-c:\windows\system32\ieUnatt.exe
    2013-03-19 19:53 . 2013-03-19 19:53167424----a-w-c:\windows\system32\iexpress.exe
    2013-03-19 19:53 . 2013-03-19 19:531509376----a-w-c:\windows\system32\inetcpl.cpl
    2013-03-19 19:53 . 2013-03-19 19:53144896----a-w-c:\windows\system32\wextract.exe
    2013-03-19 19:53 . 2013-03-19 19:53102912----a-w-c:\windows\system32\inseng.dll
    2013-03-19 19:53 . 2013-03-19 19:5392160----a-w-c:\windows\system32\SetIEInstalledDate.exe
    2013-03-19 19:53 . 2013-03-19 19:5377312----a-w-c:\windows\system32\tdc.ocx
    2013-03-19 19:53 . 2013-03-19 19:5362976----a-w-c:\windows\system32\pngfilt.dll
    2013-03-19 19:53 . 2013-03-19 19:5352224----a-w-c:\windows\system32\msfeedsbs.dll
    2013-03-19 19:53 . 2013-03-19 19:5351200----a-w-c:\windows\system32\imgutil.dll
    2013-03-19 19:53 . 2013-03-19 19:5348640----a-w-c:\windows\system32\mshtmler.dll
    2013-03-19 19:53 . 2013-03-19 19:53149504----a-w-c:\windows\system32\occache.dll
    2013-03-19 19:53 . 2013-03-19 19:5313824----a-w-c:\windows\system32\mshta.exe
    2013-03-19 19:53 . 2013-03-19 19:53136192----a-w-c:\windows\system32\iepeers.dll
    2013-03-19 19:53 . 2013-03-19 19:53135680----a-w-c:\windows\system32\IEAdvpack.dll
    2013-03-19 19:53 . 2013-03-19 19:5312800----a-w-c:\windows\system32\msfeedssync.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B6EF6C45-5E8D-4c3b-B580-A5073261A381}]
    2011-11-03 17:43528216----a-w-c:\program files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
    2011-06-22 17:301718472----a-w-c:\program files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2011-03-04 5205504]
    "Cinema ProII AP"="c:\program files (x86)\MSI\Cinema ProII\CinemaProII.exe" [2011-01-25 200192]
    "Cinema ProII Controler"="c:\program files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe" [2010-06-25 1689600]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-06 1112920]
    "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-10-26 2643320]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2012-12-6 6186872]
    Marketsplash Print Software.lnk - c:\program files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe [2010-10-11 93752]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-12-6 1176464]
    QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2009\QBW32.EXE -silent [2012-12-6 1181584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll c:\windows\SysWOW64\nvinit.dll
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
    R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]
    R3 mr8980;Digital Wireless Camera;c:\windows\system32\DRIVERS\dwcamx64.sys;c:\windows\SYSNATIVE\DRIVERS\dwcamx64.sys [x]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x]
    S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [x]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-16 12:081165776----a-w-c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:46]
    .
    2013-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-16 12:08]
    .
    2013-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-16 12:08]
    .
    2013-03-03 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2013-05-03 19:38]
    .
    2013-06-15 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    2013-06-17 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-28 18:41]
    .
    2013-03-15 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-28 18:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]
    "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: mypestpac.com
    Trusted Zone: mypestpac.com\*.www
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    FF - ProfilePath - c:\users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\83i7ck5f.default\
    FF - prefs.js: browser.search.selectedEngine - Search Results
    FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=343&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5076530253494149&o=APN10645&q=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: !HIDDEN! 2013-01-26 12:24; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,bf,71,49,6a,8e,ce,49,bc,aa,94,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,bf,71,49,6a,8e,ce,49,bc,aa,94,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-06-17 12:47:27
    ComboFix-quarantined-files.txt 2013-06-17 16:47
    .
    Pre-Run: 294,736,404,480 bytes free
    Post-Run: 294,809,387,008 bytes free
    .
    - - End Of File - - 5D4CF03133F61B3E8F04885ADF8AC6D4
    D41D8CD98F00B204E9800998ECF8427E
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Looks good.

    You can reinstall AVG now.

    [​IMG] Uninstall SpeedyPC Pro (possibly partially responsible for your problems).
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    Thank you for the information on registry cleaners, that is very useful infomrat
     
  14. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    Thank you for the information on registry cleaners, that is very useful information to know, yet I do not remember installing the registry cleaner. Anyways, I have uninstalled it successfully and reinstalled avg as well as doing as you requested. Here are the logs below


    ADWARE LOG



    # AdwCleaner v2.303 - Logfile created 06/19/2013 at 11:10:25
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Zach - ZACH-MSI
    # Boot Mode : Normal
    # Running from : C:\Users\Zach\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
    Deleted on reboot : C:\Program Files (x86)\Search Results Toolbar
    Deleted on reboot : C:\ProgramData\Browser Manager
    Deleted on reboot : C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\83i7ck5f.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
    File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
    File Deleted : C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\83i7ck5f.default\searchplugins\safesearch.xml
    File Deleted : C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\83i7ck5f.default\searchplugins\Search_Results.xml
    Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
    Folder Deleted : C:\Program Files (x86)\Freeze.com
    Folder Deleted : C:\Program Files (x86)\RewardsArcadeSuite
    Folder Deleted : C:\Program Files (x86)\SearchProtect
    Folder Deleted : C:\ProgramData\AVG Security Toolbar
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Users\Zach\AppData\Local\RewardsArcadeSuite
    Folder Deleted : C:\Users\Zach\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Zach\AppData\LocalLow\ilividtoolbarguid
    Folder Deleted : C:\Users\Zach\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Zach\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\83i7ck5f.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
    Folder Deleted : C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\83i7ck5f.default\extensions\wecarereminder@bryan
    Folder Deleted : C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\83i7ck5f.default\ilividtoolbarguid
    Folder Deleted : C:\Users\Zach\AppData\Roaming\SearchProtect
    Folder Deleted : C:\Users\zach2\AppData\LocalLow\ilividtoolbarguid
    Folder Deleted : C:\Users\zach2\AppData\LocalLow\searchresultstb
    Folder Deleted : C:\Users\zach2\AppData\Roaming\SearchProtect

    ***** [Registry] *****

    Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
    Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
    Key Deleted : HKCU\Software\APN DTX
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\ilividtoolbarguid
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6565F37-655B-4c9e-AA5F-0307AC976ED4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant 3.8.3
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
    Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\iLividSRTB
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C792A75A-2A1F-4991-9B85-291745478A79}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16611

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.1 (en-US)

    File : C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\83i7ck5f.default\prefs.js

    Deleted : user_pref("browser.search.defaultenginename", "Search Results");
    Deleted : user_pref("browser.search.order.1", "Search Results");
    Deleted : user_pref("browser.search.selectedEngine", "Search Results");
    Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");
    Deleted : user_pref("extensions.crossriderapp1950.1950.InstallationThankYouPage", true);
    Deleted : user_pref("extensions.crossriderapp1950.1950.InstallationTime", 1325870495);
    Deleted : user_pref("extensions.crossriderapp1950.1950.InstallationUserSettings.searchUserConifrmation", false[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.InstallationUserSettings.setHomepage", false);
    Deleted : user_pref("extensions.crossriderapp1950.1950.InstallationUserSettings.setNewTab", false);
    Deleted : user_pref("extensions.crossriderapp1950.1950.InstallationUserSettings.setSearch", false);
    Deleted : user_pref("extensions.crossriderapp1950.1950.active", true);
    Deleted : user_pref("extensions.crossriderapp1950.1950.addressbar", "");
    Deleted : user_pref("extensions.crossriderapp1950.1950.affid", "0");
    Deleted : user_pref("extensions.crossriderapp1950.1950.backgroundjs", "\n//------------------ PLUGIN resource[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.backgroundver", 41);
    Deleted : user_pref("extensions.crossriderapp1950.1950.certdomaininstaller", "");
    Deleted : user_pref("extensions.crossriderapp1950.1950.changeprevious", false);
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie.InstallationTime.value", "1325870495");
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie.InstallerParams.value", "%7B%22sub_id%22%3A%22de[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_aoi.value", "1325870495");
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_hotfix20111102645.value", "%221%22");
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_installer_params.value", "%7B%22sub_id%22%3[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_parent_zoneid.value", "%2213620%22");
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_pc_20120828.value", "1346205325984");
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_product_id.value", "%221042%22");
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie._GPL_zoneid.value", "%2215247%22");
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.cookie.dbtest.value", "1346010352550");
    Deleted : user_pref("extensions.crossriderapp1950.1950.description", "RewardsArcade allows you to play multipl[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.domain", "");
    Deleted : user_pref("extensions.crossriderapp1950.1950.emailsig", "");
    Deleted : user_pref("extensions.crossriderapp1950.1950.enablesearch", false);
    Deleted : user_pref("extensions.crossriderapp1950.1950.exposesites", "");
    Deleted : user_pref("extensions.crossriderapp1950.1950.fbremoteurl", "");
    Deleted : user_pref("extensions.crossriderapp1950.1950.group", 0);
    Deleted : user_pref("extensions.crossriderapp1950.1950.homepage", "");
    Deleted : user_pref("extensions.crossriderapp1950.1950.iframe", false);
    Deleted : user_pref("extensions.crossriderapp1950.1950.js", "\n\n//------------------ USER PLUGIN GPL Plugin ([...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.manifesturl", "");
    Deleted : user_pref("extensions.crossriderapp1950.1950.name", "RewardsArcade Suite");
    Deleted : user_pref("extensions.crossriderapp1950.1950.newtab", "");
    Deleted : user_pref("extensions.crossriderapp1950.1950.opensearch", "");
    Deleted : user_pref("extensions.crossriderapp1950.1950.premium", true);
    Deleted : user_pref("extensions.crossriderapp1950.1950.publisher", "215 Apps");
    Deleted : user_pref("extensions.crossriderapp1950.1950.searchstatus", 0);
    Deleted : user_pref("extensions.crossriderapp1950.1950.setnewtab", false);
    Deleted : user_pref("extensions.crossriderapp1950.1950.settingsurl", "");
    Deleted : user_pref("extensions.crossriderapp1950.1950.thankyou", "hxxp://www.rewardsarcade.com/r.php?app_id=1[...]
    Deleted : user_pref("extensions.crossriderapp1950.1950.updateinterval", 360);
    Deleted : user_pref("extensions.crossriderapp1950.1950.ver", 102);
    Deleted : user_pref("extensions.crossriderapp1950.apps", "1950");
    Deleted : user_pref("extensions.crossriderapp1950.bic", "1360914c4c911fc2b40de41ab50068b4");
    Deleted : user_pref("extensions.crossriderapp1950.cid", 1950);
    Deleted : user_pref("extensions.crossriderapp1950.firstrun", false);
    Deleted : user_pref("extensions.crossriderapp1950.hadappinstalled", true);
    Deleted : user_pref("extensions.crossriderapp1950.installationdate", 1331592218);
    Deleted : user_pref("extensions.crossriderapp1950.jsver", 3);
    Deleted : user_pref("extensions.crossriderapp1950.lastcheck", 22676993);
    Deleted : user_pref("extensions.crossriderapp1950.lastcheckitem", 22677000);
    Deleted : user_pref("extensions.crossriderapp1950.misc.lastBgWorkerTimer", "1360620808176");
    Deleted : user_pref("extensions.crossriderapp1950.misc.lastDomWorkerTimer", "1360620808169");
    Deleted : user_pref("extensions.enabledAddons", "crossriderapp1950%40crossrider.com:0.78.15,%7B1FD91A9C-410C-4[...]
    Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=343&systemid=406&apn[...]

    File : C:\Users\zach2\AppData\Roaming\Mozilla\Firefox\Profiles\haqcpxk0.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v27.0.1453.110

    File : C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.26] : keyword = "search-results.com",
    Deleted [l.30] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=343&systemid=406&apn_dtid[...]
    Deleted [l.2221] : homepage = "hxxp://www.searchnu.com/406",
    Deleted [l.2576] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]

    File : C:\Users\zach2\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [16191 octets] - [19/06/2013 11:10:25]

    ########## EOF - C:\AdwCleaner[S1].txt - [16252 octets] ##########


    JRT.txt log (junkware scan)


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Zach on Wed 06/19/2013 at 11:17:18.84
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
    Successfully deleted: [Folder] "C:\ProgramData\wincert"
    Successfully deleted: [Folder] "C:\Users\Zach\AppData\Roaming\speedypc software"
    Successfully deleted: [Folder] "C:\Users\Zach\AppData\Roaming\systweak"
    Successfully deleted: [Folder] "C:\Users\Zach\appdata\local\torch"
    Successfully deleted: [Folder] "C:\Users\Zach\appdata\locallow\datamngr"
    Successfully deleted: [Folder] "C:\Program Files (x86)\search results toolbar"
    Successfully deleted: [Empty Folder] C:\Users\Zach\appdata\local\{AAC64EA1-ECA1-48B6-940D-7BF10D56CDFD}
    Successfully deleted: [Empty Folder] C:\Users\Zach\appdata\local\{F2B40E06-BEFE-4B35-9751-C4477501E3DF}



    ~~~ FireFox

    Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\safesearch.xml"
    Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}"
    Failed to delete: [Folder] C:\Users\Zach\AppData\Roaming\mozilla\firefox\profiles\83i7ck5f.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
    Successfully deleted the following from C:\Users\Zach\AppData\Roaming\mozilla\firefox\profiles\83i7ck5f.default\prefs.js

    user_pref("extensions.crossrider.bic", "1360914c4c911fc2b40de41ab50068b4");
    Emptied folder: C:\Users\Zach\AppData\Roaming\mozilla\firefox\profiles\83i7ck5f.default\minidumps [23 files]



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ielefkgbofdpglioecfjcbikholflklb
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 06/19/2013 at 11:27:10.44
    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    I will post the two last logs in the next post.
     
  15. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    OTL.txt


    OTL logfile created on: 6/19/2013 11:29:11 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zach\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.91 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 79.41% Memory free
    15.82 Gb Paging File | 14.02 Gb Available in Paging File | 88.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 351.78 Gb Total Space | 272.96 Gb Free Space | 77.60% Space Free | Partition Type: NTFS
    Drive D: | 234.53 Gb Total Space | 234.43 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

    Computer Name: ZACH-MSI | User Name: Zach | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/06/19 11:28:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zach\Downloads\OTL.exe
    PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/06 20:00:12 | 001,176,464 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2012/12/06 19:59:24 | 001,181,584 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
    PRC - [2012/12/06 19:17:04 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2011/12/06 06:40:30 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2011/03/04 19:23:22 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\S-Bar\MSIService.exe
    PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/09 19:15:00 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/02/09 16:41:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/01/25 18:33:48 | 000,200,192 | ---- | M] (Micro-Star Int'l Co., Ltd.) -- C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
    PRC - [2011/01/12 22:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/01/12 22:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/12/20 06:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 06:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/18 19:49:16 | 001,351,680 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
    PRC - [2010/11/16 21:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/06/25 15:46:10 | 001,689,600 | ---- | M] (msi) -- C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
    PRC - [2009/05/05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/06/16 08:36:14 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\576cf246dc4a2d51aa3c6ba123f1d178\Microsoft.VisualBasic.ni.dll
    MOD - [2013/06/16 08:01:22 | 011,914,240 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\ce6b7579fbb77330560e9122d1cf6526\System.Web.ni.dll
    MOD - [2013/06/16 08:01:10 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b6eb138c3c9be780acb767c1bef572c1\System.Runtime.Remoting.ni.dll
    MOD - [2013/05/16 05:41:20 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
    MOD - [2013/05/16 05:40:37 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
    MOD - [2013/05/16 05:40:15 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
    MOD - [2013/05/16 05:39:48 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
    MOD - [2013/05/16 05:39:36 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
    MOD - [2013/01/13 11:14:40 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
    MOD - [2013/01/13 11:14:40 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
    MOD - [2013/01/10 07:48:04 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
    MOD - [2013/01/10 07:47:12 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/10 07:46:34 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/10 07:46:26 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/10 07:46:07 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2012/12/06 19:59:54 | 000,138,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBMAPILibrary.dll
    MOD - [2012/12/06 19:59:50 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBCompressor.DLL
    MOD - [2012/12/06 19:59:44 | 000,042,384 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\mbpopup.dll
    MOD - [2012/12/06 19:59:30 | 000,268,688 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\boost_regex-vc90-mt-p-1_33.dll
    MOD - [2012/12/06 19:59:30 | 000,176,528 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\boost_serialization-vc90-mt-p-1_33.dll
    MOD - [2012/12/06 19:59:28 | 000,380,304 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\BackupLib.dll
    MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/12/06 06:39:58 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\zlib1.dll
    MOD - [2010/05/04 14:59:00 | 000,182,272 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


    ========== Services (SafeList) ==========

    SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/06/12 14:46:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/01/20 19:06:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/12/06 19:17:04 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/12/06 06:40:30 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2011/12/06 06:40:08 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2011/03/04 19:23:22 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\S-Bar\MSIService.exe -- (Micro Star SCM)
    SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/02/09 19:15:00 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/02/09 16:41:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/01/12 22:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/12/20 06:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/20 06:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/07/16 20:39:32 | 000,012,800 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe -- (MSI Foundation Service)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/05 20:28:30 | 002,782,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys -- (MGHwCtrl)
    DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/09 16:41:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011/01/26 20:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/12/10 01:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/12/10 01:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/11/30 02:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2010/11/30 02:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/26 20:52:12 | 001,577,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/09/08 07:39:32 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/05/11 18:49:06 | 000,084,992 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dwcamx64.sys -- (mr8980)
    DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2010/05/11 18:49:06 | 000,084,992 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dwcamx64.sys -- (mr8980)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{048CD003-8DDC-4CD1-BE17-C7629901C760}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{EBE6A45D-95E8-4E95-9DF6-13CDA0F0CF85}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3511759517-554681407-3083621350-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.com
    IE - HKU\S-1-5-21-3511759517-554681407-3083621350-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
    IE - HKU\S-1-5-21-3511759517-554681407-3083621350-1000\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_en
    IE - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\..\SearchScopes\{82EF7457-3A05-4EAA-B435-5CDBE62116CF}: "URL" = http://search.yahoo.com/search?p={s...ype=W3i_DS,136,0_0,Search,20120101,6901,0,8,0
    IE - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\Zach\AppData\Local\RewardsArcadeSuite\1950\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/20 19:06:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/20 19:06:07 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2013/01/26 13:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Extensions
    [2013/06/19 11:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\83i7ck5f.default\extensions
    [2012/01/06 11:04:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\83i7ck5f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/01/26 13:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
    File not found (No name found) -- C:\USERS\ZACH\APPDATA\LOCAL\REWARDSARCADESUITE\1950\FIREFOX
    [2013/01/20 19:06:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/26 06:14:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/01/30 09:39:30 | 000,003,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
    [2012/10/26 15:28:10 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Search Results (Enabled)
    CHR - default_search_provider: search_url = http://dts.search-results.com/sr?sr...0645&apn_uid=5076530253494149&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

    O1 HOSTS File: ([2013/06/17 12:41:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [THXCfg64] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe (Micro-Star Int'l Co., Ltd.)
    O4 - HKLM..\Run: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe (msi)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [S-Bar] C:\Program Files (x86)\S-Bar\S-Bar.exe (MSI)
    O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKU\S-1-5-21-3511759517-554681407-3083621350-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3511759517-554681407-3083621350-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKU\S-1-5-21-3511759517-554681407-3083621350-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3511759517-554681407-3083621350-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3511759517-554681407-3083621350-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\..Trusted Domains: mypestpac.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\..Trusted Domains: mypestpac.com ([*.www] http in Trusted sites)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD69B12D-82EE-469A-ADCF-49C7C5815F4E}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  16. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/19 11:17:15 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
    [2013/06/19 11:16:47 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/06/17 15:50:28 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\LolClient
    [2013/06/17 13:23:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/06/17 12:47:31 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2013/06/17 12:25:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2013/06/17 12:25:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2013/06/17 12:25:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2013/06/17 12:25:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/06/17 12:25:09 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2013/06/17 12:08:09 | 005,079,999 | R--- | C] (Swearware) -- C:\Users\Zach\Desktop\ComboFix.exe
    [2013/06/16 08:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/06/15 12:26:54 | 000,000,000 | ---D | C] -- C:\Riot Games
    [2013/06/15 12:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
    [2013/06/15 12:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
    [2013/06/15 12:21:02 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\Riot Games
    [2013/06/14 21:45:26 | 000,000,000 | ---D | C] -- C:\Users\Zach\Documents\Nekrosimos Akolouthia_files
    [2013/06/14 11:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/06/13 11:08:57 | 000,000,000 | ---D | C] -- C:\Users\Zach\Desktop\mbar
    [2013/06/13 11:01:41 | 000,000,000 | ---D | C] -- C:\Users\Zach\Desktop\RK_Quarantine
    [2013/06/03 20:21:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
    [2013/06/03 20:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV_Runner_B2
    [2013/05/27 23:34:03 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/06/19 11:20:36 | 000,024,656 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/06/19 11:20:36 | 000,024,656 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/06/19 11:13:01 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/06/19 11:12:41 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/06/19 11:12:34 | 000,000,514 | ---- | M] () -- C:\windows\tasks\SpeedyPC Update Version3 Startup Task.job
    [2013/06/19 11:12:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/06/19 11:12:13 | 2074,656,767 | -HS- | M] () -- C:\hiberfil.sys
    [2013/06/19 11:11:06 | 000,000,400 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
    [2013/06/19 09:46:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/06/19 08:39:22 | 000,779,306 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/06/19 08:39:22 | 000,660,546 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/06/19 08:39:22 | 000,121,442 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/06/18 18:16:23 | 000,000,490 | ---- | M] () -- C:\windows\tasks\SpeedyPC Registration3.job
    [2013/06/17 12:41:53 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2013/06/17 12:08:16 | 005,079,999 | R--- | M] (Swearware) -- C:\Users\Zach\Desktop\ComboFix.exe
    [2013/06/16 09:22:17 | 000,002,289 | ---- | M] () -- C:\Users\Zach\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/06/16 08:08:37 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/06/15 16:10:53 | 000,773,522 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2013/06/14 21:45:27 | 000,000,712 | ---- | M] () -- C:\Users\Zach\Documents\Nekrosimos Akolouthia.htm
    [2013/06/12 21:37:13 | 000,791,040 | ---- | M] () -- C:\Users\Zach\Desktop\RogueKillerX64.exe
    [2013/06/12 15:15:43 | 000,004,150 | ---- | M] () -- C:\Users\Zach\Desktop\attach.zip
    [2013/06/12 14:16:40 | 385,184,398 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/06/19 11:10:33 | 000,000,400 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
    [2013/06/17 12:25:51 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2013/06/17 12:25:51 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2013/06/17 12:25:51 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2013/06/17 12:25:51 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2013/06/17 12:25:51 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2013/06/16 08:08:37 | 000,002,265 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/06/16 08:08:08 | 000,000,894 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/06/16 08:08:06 | 000,000,890 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/06/14 21:45:26 | 000,000,712 | ---- | C] () -- C:\Users\Zach\Documents\Nekrosimos Akolouthia.htm
    [2013/06/12 21:37:07 | 000,791,040 | ---- | C] () -- C:\Users\Zach\Desktop\RogueKillerX64.exe
    [2013/06/12 15:15:43 | 000,004,150 | ---- | C] () -- C:\Users\Zach\Desktop\attach.zip
    [2013/03/07 14:08:36 | 000,598,016 | ---- | C] () -- C:\windows\SysWow64\vcore.dll
    [2013/03/07 14:08:36 | 000,187,392 | ---- | C] () -- C:\windows\SysWow64\LPng.dll
    [2012/10/06 14:09:37 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/08/30 13:21:59 | 000,038,425 | ---- | C] () -- C:\Users\Zach\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2012/08/30 13:14:55 | 000,038,421 | ---- | C] () -- C:\Users\Zach\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2012/06/19 19:31:41 | 000,773,522 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/01/06 14:30:24 | 000,000,351 | ---- | C] () -- C:\Users\Zach\Network - Shortcut.lnk
    [2012/01/05 19:32:41 | 000,000,090 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
    [2012/01/05 10:53:51 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/31 14:32:27 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2013/01/31 14:32:27 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2013/06/17 15:50:28 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\LolClient
    [2012/08/11 13:04:24 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Nuance
    [2013/06/15 12:21:17 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Riot Games
    [2013/01/26 13:45:23 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\TFP
    [2013/03/07 14:09:36 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Uniden Surveillance System
    [2012/01/04 16:48:24 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Zeon
    [2013/04/23 06:15:48 | 000,000,000 | ---D | M] -- C:\Users\zach2\AppData\Roaming\AVG2013

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2013/06/18 22:09:21 | 000,139,928 | ---- | M] ()(C:\Users\Zach\Desktop\??????? ??S ?G??S ???????S??S.htm) -- C:\Users\Zach\Desktop\ΚΥΡΙΑΚΗ ΤΗΣ ΑΓΙΑΣ ΠΕΝΤΗΚΟΣΤΗΣ.htm
    [2013/06/18 22:09:20 | 000,139,928 | ---- | C] ()(C:\Users\Zach\Desktop\??????? ??S ?G??S ???????S??S.htm) -- C:\Users\Zach\Desktop\ΚΥΡΙΑΚΗ ΤΗΣ ΑΓΙΑΣ ΠΕΝΤΗΚΟΣΤΗΣ.htm
    [2013/06/17 08:03:10 | 000,069,153 | ---- | M] ()(C:\Users\Zach\Desktop\?? ?G' ??? ???????.htm) -- C:\Users\Zach\Desktop\ΤΗ ΚΓ' ΤΟΥ ΙΟΥΝΙΟΥ.htm
    [2013/06/17 08:03:10 | 000,069,153 | ---- | C] ()(C:\Users\Zach\Desktop\?? ?G' ??? ???????.htm) -- C:\Users\Zach\Desktop\ΤΗ ΚΓ' ΤΟΥ ΙΟΥΝΙΟΥ.htm
    [2012/01/05 18:59:41 | 005,200,725 | ---- | C] ()(C:\Users\Zach\Documents\01. ?? ??S - Copy.mp3) -- C:\Users\Zach\Documents\01. ΝΑ ΠΑΣ - Copy.mp3
    [2012/01/05 18:47:48 | 001,729,921 | ---- | C] ()(C:\Users\Zach\Documents\µaµa µe ??sta..jpg) -- C:\Users\Zach\Documents\μαμα με κοστα..jpg
    [2012/01/05 18:47:48 | 001,698,148 | ---- | C] ()(C:\Users\Zach\Documents\? pa?ea st?? ????a) -- C:\Users\Zach\Documents\η παρεα στην Αθηνα
    [2012/01/05 18:47:48 | 000,668,266 | ---- | C] ()(C:\Users\Zach\Documents\GONI?HS TEZA!!.3gp) -- C:\Users\Zach\Documents\ΓONIΔHS TEZA!!.3gp
    [2012/01/05 18:47:48 | 000,628,170 | ---- | C] ()(C:\Users\Zach\Documents\???????? ???O??S ?????? 08) -- C:\Users\Zach\Documents\ΔΗΜΗΤΡΗς ΑΝΤΩΝΗΣ ΑΥΛΑΚΙ 08
    [2012/01/05 18:47:48 | 000,104,405 | ---- | C] ()(C:\Users\Zach\Documents\?????? ????????? 08) -- C:\Users\Zach\Documents\ΜΑΡΙΚΑ ΖΑΧΑΡΙΑΔΗ 08
    [2012/01/05 18:47:48 | 000,019,968 | ---- | C] ()(C:\Users\Zach\Documents\??d??e? ???sßase??.doc) -- C:\Users\Zach\Documents\Κοδικες Προσβασεος.doc
    [2012/01/05 18:47:47 | 010,522,225 | ---- | C] ()(C:\Users\Zach\Documents\???te?018.3gp) -- C:\Users\Zach\Documents\Βίντεο018.3gp
    [2012/01/05 18:47:47 | 001,757,738 | ---- | C] ()(C:\Users\Zach\Documents\a????sta) -- C:\Users\Zach\Documents\αυγουστα
    [2012/01/05 18:47:47 | 000,116,126 | ---- | C] ()(C:\Users\Zach\Documents\??????S09.png) -- C:\Users\Zach\Documents\ΑΝΤΙΜΟΣ09.png
    [2012/01/05 18:47:33 | 000,027,094 | ---- | C] ()(C:\Users\Zach\Documents\Fw PHOTOS ???T???S.htm) -- C:\Users\Zach\Documents\Fw PHOTOS ΑΠΟΘΗΚΗΣ.htm
    [2012/01/05 18:47:21 | 005,643,093 | ---- | C] ()(C:\Users\Zach\Documents\17. ???? ?? S????.mp3) -- C:\Users\Zach\Documents\17. ΑΥΤΟ ΤΟ ΣΠΙΤΙ.mp3
    [2012/01/05 18:47:21 | 004,604,565 | ---- | C] ()(C:\Users\Zach\Documents\18. ??S S??? ?????? ??? ??T??F??.mp3) -- C:\Users\Zach\Documents\18. ΜΕΣ ΣΤΟΥ ΧΡΟΝΟΥ ΤΟΝ ΚΑΘΡΕΦΤΗ.mp3
    [2012/01/05 18:47:20 | 005,731,221 | ---- | C] ()(C:\Users\Zach\Documents\15. FO??? ??S S?? ?????? ???.mp3) -- C:\Users\Zach\Documents\15. ΦΩΤΙΑ ΜΕΣ ΣΤΟ ΠΟΤΗΡΙ ΜΟΥ.mp3
    [2012/01/05 18:47:20 | 005,533,077 | ---- | C] ()(C:\Users\Zach\Documents\16. ?? ?????? G?? ?????.mp3) -- C:\Users\Zach\Documents\16. ΜΗ ΜΙΛΑΤΕ ΓΙΑ ΚΕΙΝΗ.mp3
    [2012/01/05 18:47:20 | 004,882,197 | ---- | C] ()(C:\Users\Zach\Documents\14. ?? ???? ??? ??S?.mp3) -- C:\Users\Zach\Documents\14. ΤΟ ΑΛΛΟ ΜΟΥ ΜΙΣΟ.mp3
    [2012/01/05 18:47:19 | 005,803,221 | ---- | C] ()(C:\Users\Zach\Documents\12. ?OS ?? F?GO.mp3) -- C:\Users\Zach\Documents\12. ΠΩΣ ΝΑ ΦΥΓΩ.mp3
    [2012/01/05 18:47:19 | 005,626,389 | ---- | C] ()(C:\Users\Zach\Documents\11. ????? ?? ?????S.mp3) -- C:\Users\Zach\Documents\11. ΚΟΙΤΑ ΤΙ ΕΚΑΝΕΣ.mp3
    [2012/01/05 18:47:19 | 005,296,341 | ---- | C] ()(C:\Users\Zach\Documents\13. ??? G???????? S??? ????.mp3) -- C:\Users\Zach\Documents\13. ΟΤΙ ΓΕΝΝΙΕΤΑΙ ΣΤΗΝ ΨΥΧΗ.mp3
    [2012/01/05 18:47:18 | 006,246,741 | ---- | C] ()(C:\Users\Zach\Documents\08. ?? ?GG??? ???.mp3) -- C:\Users\Zach\Documents\08. ΑΧ ΑΓΓΕΛΕ ΜΟΥ.mp3
    [2012/01/05 18:47:18 | 005,671,893 | ---- | C] ()(C:\Users\Zach\Documents\09. ??????? ??O?.mp3) -- C:\Users\Zach\Documents\09. ΚΥΡΙΑΚΗ ΠΡΩΙ.mp3
    [2012/01/05 18:47:18 | 005,012,373 | ---- | C] ()(C:\Users\Zach\Documents\10. ?? T? ??T??S ?S?.mp3) -- C:\Users\Zach\Documents\10. ΑΝ ΘΑ ΕΡΘΕΙΣ ΕΣΥ.mp3
    [2012/01/05 18:47:17 | 005,453,214 | ---- | C] ()(C:\Users\Zach\Documents\07. ?O??S G???S??.mp3) -- C:\Users\Zach\Documents\07. ΧΩΡΙΣ ΓΥΡΙΣΜΟ.mp3
    [2012/01/05 18:47:17 | 005,259,477 | ---- | C] ()(C:\Users\Zach\Documents\05. ?????O?? ??S.mp3) -- C:\Users\Zach\Documents\05. ΔΙΚΑΙΩΜΑ ΤΗΣ.mp3
    [2012/01/05 18:47:17 | 004,966,869 | ---- | C] ()(C:\Users\Zach\Documents\06. ??S ??? ??S?? ????.mp3) -- C:\Users\Zach\Documents\06. ΜΕΣ ΤΟΝ ΚΟΣΜΟ ΑΥΤΟ.mp3
    [2012/01/05 18:47:16 | 006,171,136 | ---- | C] ()(C:\Users\Zach\Documents\03.??? ??µe ?et?.rar) -- C:\Users\Zach\Documents\03.Που Πάμε Μετά.rar
    [2012/01/05 18:47:16 | 005,158,101 | ---- | C] ()(C:\Users\Zach\Documents\04. ?????T???S ?????? ??? ??F????.mp3) -- C:\Users\Zach\Documents\04. ΤΡΕΛΑΘΗΚΕΣ ΚΑΡΔΙΑ ΜΟΥ ΞΑΦΝΙΚΑ.mp3
    [2012/01/05 18:47:15 | 005,295,189 | ---- | C] ()(C:\Users\Zach\Documents\03. ??S?? ???????.mp3) -- C:\Users\Zach\Documents\03. ΕΙΣΑΙ ΥΠΕΡΟΧΗ.mp3
    [2012/01/05 18:47:15 | 005,294,613 | ---- | C] ()(C:\Users\Zach\Documents\02. ???? ? ?G??? (T? ?????TO).mp3) -- C:\Users\Zach\Documents\02. ΑΥΤΗ Η ΑΓΑΠΗ (ΘΑ ΤΡΕΛΑΘΩ).mp3
    [2012/01/05 18:47:15 | 005,200,725 | ---- | C] ()(C:\Users\Zach\Documents\01. ?? ??S.mp3) -- C:\Users\Zach\Documents\01. ΝΑ ΠΑΣ.mp3
    [2012/01/05 18:45:09 | 000,000,000 | ---D | M](C:\Users\Zach\Documents\Fw PHOTOS ???T???S_files) -- C:\Users\Zach\Documents\Fw PHOTOS ΑΠΟΘΗΚΗΣ_files
    [2012/01/05 18:45:09 | 000,000,000 | ---D | C](C:\Users\Zach\Documents\Fw PHOTOS ???T???S_files) -- C:\Users\Zach\Documents\Fw PHOTOS ΑΠΟΘΗΚΗΣ_files
    [2012/01/05 18:44:46 | 000,000,033 | ---- | C] ()(C:\Users\Zach\Documents\f??a?µ?????-??s???? 23-12-2007 002.jpg) -- C:\Users\Zach\Documents\φιλαρμονικη-νισυρος 23-12-2007 002.jpg
    [2011/12/06 21:53:57 | 000,010,953 | ---- | M] ()(C:\Users\Zach\Documents\?a??a ?at???µa?????.docx) -- C:\Users\Zach\Documents\Μαρια ΧατζηΕμανουηλ.docx
    [2011/12/06 21:53:56 | 000,010,953 | ---- | C] ()(C:\Users\Zach\Documents\?a??a ?at???µa?????.docx) -- C:\Users\Zach\Documents\Μαρια ΧατζηΕμανουηλ.docx
    [2009/07/21 15:39:48 | 000,116,126 | ---- | M] ()(C:\Users\Zach\Documents\??????S09.png) -- C:\Users\Zach\Documents\ΑΝΤΙΜΟΣ09.png
    [2008/12/26 00:40:44 | 000,019,968 | ---- | M] ()(C:\Users\Zach\Documents\??d??e? ???sßase??.doc) -- C:\Users\Zach\Documents\Κοδικες Προσβασεος.doc
    [2008/11/10 10:17:00 | 001,757,738 | ---- | M] ()(C:\Users\Zach\Documents\a????sta) -- C:\Users\Zach\Documents\αυγουστα
    [2008/11/04 09:34:00 | 000,668,266 | ---- | M] ()(C:\Users\Zach\Documents\GONI?HS TEZA!!.3gp) -- C:\Users\Zach\Documents\ΓONIΔHS TEZA!!.3gp
    [2008/10/13 07:48:00 | 000,104,405 | ---- | M] ()(C:\Users\Zach\Documents\?????? ????????? 08) -- C:\Users\Zach\Documents\ΜΑΡΙΚΑ ΖΑΧΑΡΙΑΔΗ 08
    [2008/10/13 07:44:00 | 000,628,170 | ---- | M] ()(C:\Users\Zach\Documents\???????? ???O??S ?????? 08) -- C:\Users\Zach\Documents\ΔΗΜΗΤΡΗς ΑΝΤΩΝΗΣ ΑΥΛΑΚΙ 08
    [2008/10/12 11:48:32 | 000,027,094 | ---- | M] ()(C:\Users\Zach\Documents\Fw PHOTOS ???T???S.htm) -- C:\Users\Zach\Documents\Fw PHOTOS ΑΠΟΘΗΚΗΣ.htm
    [2008/09/19 07:44:00 | 001,698,148 | ---- | M] ()(C:\Users\Zach\Documents\? pa?ea st?? ????a) -- C:\Users\Zach\Documents\η παρεα στην Αθηνα
    [2008/09/10 17:54:36 | 004,604,565 | ---- | M] ()(C:\Users\Zach\Documents\18. ??S S??? ?????? ??? ??T??F??.mp3) -- C:\Users\Zach\Documents\18. ΜΕΣ ΣΤΟΥ ΧΡΟΝΟΥ ΤΟΝ ΚΑΘΡΕΦΤΗ.mp3
    [2008/09/10 17:51:52 | 005,643,093 | ---- | M] ()(C:\Users\Zach\Documents\17. ???? ?? S????.mp3) -- C:\Users\Zach\Documents\17. ΑΥΤΟ ΤΟ ΣΠΙΤΙ.mp3
    [2008/09/10 17:48:38 | 005,533,077 | ---- | M] ()(C:\Users\Zach\Documents\16. ?? ?????? G?? ?????.mp3) -- C:\Users\Zach\Documents\16. ΜΗ ΜΙΛΑΤΕ ΓΙΑ ΚΕΙΝΗ.mp3
    [2008/09/10 17:45:36 | 005,731,221 | ---- | M] ()(C:\Users\Zach\Documents\15. FO??? ??S S?? ?????? ???.mp3) -- C:\Users\Zach\Documents\15. ΦΩΤΙΑ ΜΕΣ ΣΤΟ ΠΟΤΗΡΙ ΜΟΥ.mp3
    [2008/09/10 17:42:32 | 004,882,197 | ---- | M] ()(C:\Users\Zach\Documents\14. ?? ???? ??? ??S?.mp3) -- C:\Users\Zach\Documents\14. ΤΟ ΑΛΛΟ ΜΟΥ ΜΙΣΟ.mp3
    [2008/09/10 17:39:28 | 005,296,341 | ---- | M] ()(C:\Users\Zach\Documents\13. ??? G???????? S??? ????.mp3) -- C:\Users\Zach\Documents\13. ΟΤΙ ΓΕΝΝΙΕΤΑΙ ΣΤΗΝ ΨΥΧΗ.mp3
    [2008/09/10 17:36:20 | 005,803,221 | ---- | M] ()(C:\Users\Zach\Documents\12. ?OS ?? F?GO.mp3) -- C:\Users\Zach\Documents\12. ΠΩΣ ΝΑ ΦΥΓΩ.mp3
    [2008/09/10 17:32:38 | 005,626,389 | ---- | M] ()(C:\Users\Zach\Documents\11. ????? ?? ?????S.mp3) -- C:\Users\Zach\Documents\11. ΚΟΙΤΑ ΤΙ ΕΚΑΝΕΣ.mp3
    [2008/09/10 17:28:40 | 005,012,373 | ---- | M] ()(C:\Users\Zach\Documents\10. ?? T? ??T??S ?S?.mp3) -- C:\Users\Zach\Documents\10. ΑΝ ΘΑ ΕΡΘΕΙΣ ΕΣΥ.mp3
    [2008/09/10 17:25:26 | 005,671,893 | ---- | M] ()(C:\Users\Zach\Documents\09. ??????? ??O?.mp3) -- C:\Users\Zach\Documents\09. ΚΥΡΙΑΚΗ ΠΡΩΙ.mp3
    [2008/09/10 17:21:50 | 006,246,741 | ---- | M] ()(C:\Users\Zach\Documents\08. ?? ?GG??? ???.mp3) -- C:\Users\Zach\Documents\08. ΑΧ ΑΓΓΕΛΕ ΜΟΥ.mp3
    [2008/09/10 17:18:20 | 005,453,214 | ---- | M] ()(C:\Users\Zach\Documents\07. ?O??S G???S??.mp3) -- C:\Users\Zach\Documents\07. ΧΩΡΙΣ ΓΥΡΙΣΜΟ.mp3
    [2008/09/10 17:15:14 | 004,966,869 | ---- | M] ()(C:\Users\Zach\Documents\06. ??S ??? ??S?? ????.mp3) -- C:\Users\Zach\Documents\06. ΜΕΣ ΤΟΝ ΚΟΣΜΟ ΑΥΤΟ.mp3
    [2008/09/10 17:12:38 | 005,259,477 | ---- | M] ()(C:\Users\Zach\Documents\05. ?????O?? ??S.mp3) -- C:\Users\Zach\Documents\05. ΔΙΚΑΙΩΜΑ ΤΗΣ.mp3
    [2008/09/10 17:09:30 | 005,158,101 | ---- | M] ()(C:\Users\Zach\Documents\04. ?????T???S ?????? ??? ??F????.mp3) -- C:\Users\Zach\Documents\04. ΤΡΕΛΑΘΗΚΕΣ ΚΑΡΔΙΑ ΜΟΥ ΞΑΦΝΙΚΑ.mp3
    [2008/09/10 17:06:24 | 005,295,189 | ---- | M] ()(C:\Users\Zach\Documents\03. ??S?? ???????.mp3) -- C:\Users\Zach\Documents\03. ΕΙΣΑΙ ΥΠΕΡΟΧΗ.mp3
    [2008/09/10 17:03:24 | 005,294,613 | ---- | M] ()(C:\Users\Zach\Documents\02. ???? ? ?G??? (T? ?????TO).mp3) -- C:\Users\Zach\Documents\02. ΑΥΤΗ Η ΑΓΑΠΗ (ΘΑ ΤΡΕΛΑΘΩ).mp3
    [2008/09/10 17:00:20 | 005,200,725 | ---- | M] ()(C:\Users\Zach\Documents\01. ?? ??S.mp3) -- C:\Users\Zach\Documents\01. ΝΑ ΠΑΣ.mp3
    [2008/09/10 16:00:20 | 005,200,725 | ---- | M] ()(C:\Users\Zach\Documents\01. ?? ??S - Copy.mp3) -- C:\Users\Zach\Documents\01. ΝΑ ΠΑΣ - Copy.mp3
    [2008/04/18 18:27:20 | 006,171,136 | ---- | M] ()(C:\Users\Zach\Documents\03.??? ??µe ?et?.rar) -- C:\Users\Zach\Documents\03.Που Πάμε Μετά.rar
    [2008/03/26 13:32:22 | 001,729,921 | ---- | M] ()(C:\Users\Zach\Documents\µaµa µe ??sta..jpg) -- C:\Users\Zach\Documents\μαμα με κοστα..jpg
    [2008/03/01 15:39:22 | 000,000,033 | ---- | M] ()(C:\Users\Zach\Documents\f??a?µ?????-??s???? 23-12-2007 002.jpg) -- C:\Users\Zach\Documents\φιλαρμονικη-νισυρος 23-12-2007 002.jpg
    [2008/01/20 16:50:10 | 010,522,225 | ---- | M] ()(C:\Users\Zach\Documents\???te?018.3gp) -- C:\Users\Zach\Documents\Βίντεο018.3gp

    < End of report >
     
  17. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    EXTRAS.txt


    OTL Extras logfile created on: 6/19/2013 11:29:11 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zach\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.91 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 79.41% Memory free
    15.82 Gb Paging File | 14.02 Gb Available in Paging File | 88.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 351.78 Gb Total Space | 272.96 Gb Free Space | 77.60% Space Free | Partition Type: NTFS
    Drive D: | 234.53 Gb Total Space | 234.43 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

    Computer Name: ZACH-MSI | User Name: Zach | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3511759517-554681407-3083621350-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05CA8C6E-A87B-49BE-9F23-DCAC655AD31D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{0A7554A6-8821-4A1B-BB87-866E34B81F50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1891CC87-02B5-448E-8A9A-4BC9A162EE86}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1A499045-47AE-49D3-826A-93E9A7FDF6F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1D2E982B-5302-47A0-A54E-7EE1FDEBB6EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{36822143-D1FE-43E5-B153-6052ABCB83B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{45E98C7F-ECED-4F6D-9C22-49DE32FE00D7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{46646A22-614B-4A6D-A2FD-CAAAC3528D84}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4756B0DD-A317-4793-9926-5CCEDFBBFCF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{522B835D-9941-45AF-976B-A536D66621DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{65376A06-6954-4B52-BCDB-6398106215EA}" = rport=139 | protocol=6 | dir=out | app=system |
    "{67866A57-89DE-4A7A-937D-270102AC34DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7442F33C-2CC0-4B9A-AE6A-184260F3D482}" = lport=445 | protocol=6 | dir=in | app=system |
    "{927B23BC-87B6-433C-8EA6-F17CF5826C37}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
    "{96A50DC9-2A84-4BB3-BAC7-0AF27C8F5C9A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9C3DDA38-AFC5-4BBB-8119-1FB76B38EF1F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{AD8AFC33-7919-470A-8805-8AAD36F3E448}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B2C8B4B8-97DC-40E4-B201-C0C934278790}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{B8F8B448-317A-4713-AC9F-4B34E4F60657}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{BF9EB5DA-CF97-4CB8-8ADB-68AD1D7BAF01}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C908D720-FCB3-42E9-8A29-8D2C7D046763}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{C9696EC2-C1DC-4D40-A042-170EC15E4179}" = lport=137 | protocol=17 | dir=in | app=system |
    "{CA809093-E12A-45D5-A177-AE4E48E0135C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CEA2A87E-1F04-4922-B98C-8AFF6F420190}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
    "{E1699F83-6E93-4372-88CD-C6A48B0701C3}" = rport=138 | protocol=17 | dir=out | app=system |
    "{F0116707-558D-4F9E-901E-2E96D58CEAD7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{F05409A2-4325-4E9E-9A89-2535808387C5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{FA6A9019-1613-4E9F-96FA-2D9D6B540305}" = lport=138 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0107FE69-9CAD-4E04-BE88-059F89ECE5C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{022A1C3E-7398-4673-AC75-D4AC116EF7AB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{059AF29A-6016-48D4-8A59-F80A5643A1C3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{098E95FA-84BE-4623-B2AD-AE8575AB483B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0BDF19F9-0DA1-48AB-AE75-8EE44EA464DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{1200AA97-0ED1-4713-8C8A-BC14E3B85443}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1210E2B4-BB64-47B4-BCCE-E11569ED5CD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{130AB98E-A23C-4D00-B931-FD760421B065}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{14B6C3D7-6883-43B8-AAFE-723AA0AAA9BA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{17A69522-AAC8-4F77-9DE5-3FD5F1BB51D3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{189871C7-4469-4BB2-84C6-7F760CD139DA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1ACB35FB-F192-4AB3-9A8D-D4EC6BB64F21}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{1C90FEAA-C44A-481A-8500-4D7F468416B8}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
    "{24735D1F-AB59-4FD7-B82F-102EB7F48234}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{2E00139D-9E4C-4150-9DD6-DBCF7A2B47D9}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
    "{3055F897-8B9E-4DB5-A987-699346D48B06}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{354C5DCA-4C6E-499D-B43D-1BBB60C469FD}" = protocol=6 | dir=in | app=c:\users\zach\appdata\local\temp\7zs6214\hpdiagnosticcoreui.exe |
    "{39640198-240C-422E-A3BC-45CBB92ACCAE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{3FAF3586-0EE3-49E8-BB53-EB506166E4E5}" = dir=in | app=c:\users\zach\appdata\local\torch\plugins\torrent\torchtorrent.exe |
    "{42416BE6-39AD-4874-88C2-5EBAA284ED5D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4AAD46D2-07C8-455A-BB06-8A6FE85F1E7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4CAE3274-F834-4D7E-81BE-C7654A411BC2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4E8E3358-5D51-4C9B-9B1D-D02830754EFC}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
    "{50D3524D-5AB9-4116-BE2E-C3295B87F432}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5CBB597F-2F23-47E6-A4FF-8CFA266FCC2A}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
    "{6CF116DE-592E-4454-B4AA-DFD585F1A233}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{70BE5DDE-913E-49FC-BF22-8AE948F3C92F}" = protocol=6 | dir=in | app=c:\users\zach\appdata\local\temp\7zs5791\hpdiagnosticcoreui.exe |
    "{74359B23-6287-47B3-A943-3E2EDDF8E76F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{78DB4563-EA3B-4EA7-A2B2-80E26DB18321}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{7ACAB1F0-DC6F-4485-96FE-A27D2475E409}" = protocol=17 | dir=in | app=c:\users\zach\appdata\local\temp\7zs3b2b\hpdiagnosticcoreui.exe |
    "{81D8F3C6-2FAA-4244-9577-386B90A5B2A0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{824FD8E3-E929-401B-803D-00B70A4BA4AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8453728E-01BD-40D8-8C84-B4DFC704E600}" = protocol=6 | dir=in | app=c:\users\zach\appdata\local\temp\7zs3b2b\hpdiagnosticcoreui.exe |
    "{87980979-5602-4C88-A7AC-6D5F6E0EED65}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
    "{89E37C9B-46C5-4C46-A7F2-8D3D57E17B59}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{939B7382-2828-45D1-AEC3-EAA8BFB88EF5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{95272932-62E6-4141-9729-95822D523DB6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{975BA28C-6ABD-456F-AFA4-B6780595480B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "{9C97E29F-0D09-4C7B-941F-78726DEC6C9C}" = protocol=6 | dir=out | app=system |
    "{A8815139-DF11-4A4F-987A-BBAF574C2FD2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{AA528A48-5EBE-48A3-AA31-BC7757B3039C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{AE015C25-BC8F-4BCF-8605-F37154552B20}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "{B9E766FF-994E-4DDA-B160-3AEA830D9F44}" = protocol=17 | dir=in | app=c:\users\zach\appdata\local\temp\7zs6214\hpdiagnosticcoreui.exe |
    "{BB65A18B-9638-4028-BD4F-31879A8F5485}" = protocol=17 | dir=in | app=c:\users\zach\appdata\local\temp\7zs5791\hpdiagnosticcoreui.exe |
    "{C5DE0B27-957D-4DD1-B506-B9C5515E8FF6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{D052A393-2E12-4F48-94FB-AB3338495377}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D680C241-8BAC-4994-B7CC-AAEF362DD3CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E2942F42-4EE3-42C1-82EE-A6B7AE639A38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E3D471B7-998D-4E11-B1E7-CCDCB0C004F8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{E613FD68-A85F-40E1-BEB4-43C75B88B2C3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{E67E6B01-A9CF-4A81-8DAD-C6E250CC327D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{E927EB61-AEE0-4E6A-A912-AD22F753D853}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
    "{FEA4CD85-D057-4764-84B2-F4F018A8122B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FFEF46D7-FD12-408D-A837-B57A855E0D5A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{33A06AC3-F20D-417A-B621-83A73771624E}" = HP Officejet Pro 8500 A910 Basic Device Software
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{963EF6DD-DE6B-43D8-A2AC-9217FD39958F}" = HP Officejet Pro 8500 A910 Product Improvement Study
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.04
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.04
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.04
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "D9DD2BFD594FBF5476D0C2CAA2322CB7A65EB7CD" = Windows Driver Package - OEM (mr8980) Image (05/10/2010 1.0.0.0)
    "Elantech" = ETDWare PS/2-x64 7.0.5.15_WHQL
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
    "{0533A3FE-9EBF-498E-91A8-F6B717441B18}" = Microsoft Office 2007 Help Tab
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{13D324E9-9DB1-478D-944C-28BBE1BB80DC}" = HP Officejet Pro 8500 A910 Help
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FC46D21-F4A4-42DF-B9A4-27F8A702EBC5}_is1" = Stone Giant 1.0
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012
    "{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
    "{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{30E10267-3B27-42CC-B727-681DEBD30C4D}" = Clean Water Action TriMini Reminder by We-Care.com v5.0.2.2
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{46BBA993-5554-42E7-8042-E760D92A580A}" = GIMP
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
    "{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{5520469F-5FDD-4923-8DBC-343C3336D5D3}" = S-Bar
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{619FA785-489B-4D22-911F-82D6EDF5BDB0}" = Battery Calibration
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6BFE5BAC-323E-41CC-9867-2F5D0287FCBD}" = myTV
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EE8D436-CF54-4713-ABA1-B885FAB43D33}" = Digital Wireless Camera
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
    "{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{94DE7548-E449-4F7D-804F-0C5CDC3A1E6A}" = EasyFace2
    "{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A840FFFB-3A80-4C24-AB34-BE9F56BEB4CE}" = msi Software Install
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
    "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
    "{C13926BE-159B-4494-BEEC-AB6E207F70AD}" = Cinema ProII Setup
    "{C54184D0-D281-4523-B357-0606209DB56C}" = myTV
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C82185E8-C27B-4EF4-2010-1111BC2C2B6D}" = Microsoft MapPoint North America 2010
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DA5597C9-9216-44FF-9670-D1E48817B998}" = MSI HOUSE
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E9ACF7F7-DB80-49B4-A1BC-63DB90913E67}_is1" = Uniden Surveillance System 5.0.0.302
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3AB5277-869F-4CD6-8397-6E7A0B448A28}" = Marketsplash Print Software
    "{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Every Landlord's Legal Guide" = Every Landlord's Legal Guide
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "I-Charger_is1" = I-Charger
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
    "League of Legends 3.0.0" = League of Legends
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OUTLOOKR" = Microsoft Office Outlook 2007
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3511759517-554681407-3083621350-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "RewardsArcadeSuite" = RewardsArcadeSuite
    "Torch" = Torch

    ========== Last 20 Event Log Errors ==========

    [ System Events ]
    Error - 6/19/2013 11:40:02 AM | Computer Name = Zach-MSI | Source = DCOM | ID = 10010
    Description =


    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    [​IMG] You forgot to reinstall AVG.

    [​IMG] Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys -- (MGHwCtrl)
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-3511759517-554681407-3083621350-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O15 - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\..Trusted Domains: mypestpac.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-3511759517-554681407-3083621350-1001\..Trusted Domains: mypestpac.com ([*.www] http in Trusted sites)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
    Last scans....

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  19. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    I have done all the scans except the ESET Online scanner but when I go on the website it asks me to download it in order to run it, shall I go ahead with it?
     
  20. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Yes. If you're using some other browser than IE Eset will install small applet.
     
  21. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    Apologies for the extremely long delay. My computer is currently not in reach to me at the moment and as soon as I will I will post the logs.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,015   +255

  23. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    I have reinstalled avg and did every scan you requested, but I was unable to get the eset log. I was informed by another user on this pc that it caught one infected item. Apologies for any inconvenience this causes.

    OTL LOG

    All processes killed
    ========== OTL ==========
    Service MGHwCtrl stopped successfully!
    Service MGHwCtrl deleted successfully!
    File C:\Program Files\msi\msi Software Install\MGHwCtrl.sys not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3511759517-554681407-3083621350-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3511759517-554681407-3083621350-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3511759517-554681407-3083621350-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mypestpac.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3511759517-554681407-3083621350-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mypestpac.com\*.www\ not found.
    Invalid CLSID key: *.www
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-help-qb5\ deleted successfully.
    File Protocol\Handler\intu-help-qb5 - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    File Protocol\Handler\livecall - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
    File Protocol\Handler\msdaipp - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
    File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
    File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    File Protocol\Handler\ms-itss - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    File Protocol\Handler\msnim - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\qbwc\ deleted successfully.
    File Protocol\Handler\qbwc - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    File Protocol\Handler\wlmailhtml - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
    File Protocol\Handler\wlpg - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: TEMP
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Zach
    ->Temp folder emptied: 497749 bytes
    ->Temporary Internet Files folder emptied: 139084931 bytes
    ->Java cache emptied: 2210835 bytes
    ->FireFox cache emptied: 71158679 bytes
    ->Google Chrome cache emptied: 370553918 bytes
    ->Flash cache emptied: 6446 bytes

    User: zach2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 4521286 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 389012500 bytes
    ->Google Chrome cache emptied: 75546986 bytes
    ->Flash cache emptied: 13835 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 6 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 64791 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78106 bytes
    RecycleBin emptied: 5927560 bytes

    Total Files Cleaned = 1,010.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: TEMP

    User: UpdatusUser

    User: Zach
    ->Java cache emptied: 0 bytes

    User: zach2
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: TEMP

    User: UpdatusUser

    User: Zach
    ->Flash cache emptied: 0 bytes

    User: zach2
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 06202013_101218

    Files\Folders moved on Reboot...
    C:\Users\Zach\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    SECURITY CHECK LOG


    Results of screen317's Security Check version 0.99.67
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    AVG AntiVirus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 17
    Java version out of Date!
    Adobe Flash Player 11.7.700.224
    Adobe Reader 10.1.7 Adobe Reader out of Date!
    Mozilla Firefox 18.0.1 Firefox out of Date!
    Google Chrome 27.0.1453.110
    Google Chrome 27.0.1453.116
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    Symantec Norton Online Backup NOBuAgent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 4%
    ````````````````````End of Log``````````````````````


    FSS LOG


    Farbar Service Scanner Version: 16-06-2013
    Ran by Zach (administrator) on 20-06-2013 at 10:25:07
    Running from "C:\Users\Zach\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2013-06-12 12:11] - [2013-05-08 02:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2013-06-12 12:09] - [2013-05-13 01:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  24. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    [​IMG] Make sure Windows firewall is ON (it's listed as OFF).

    [​IMG] Update Firefox to the current 22.0 version.

    [​IMG] Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB) and install one of two free alternatives:

    - Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    - PDF-XChange Viewer: http://www.tracker-software.com/product/pdf-xchange-viewer

    [​IMG] 1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =======================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
     
  25. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    Here is the OTL log you requested below.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: TEMP
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Zach
    ->Temp folder emptied: 4039432 bytes
    ->Temporary Internet Files folder emptied: 8965803 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 2629949 bytes
    ->Google Chrome cache emptied: 295428703 bytes
    ->Flash cache emptied: 511 bytes

    User: zach2
    ->Temp folder emptied: 279582 bytes
    ->Temporary Internet Files folder emptied: 18449 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 18787502 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 168590 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 227 bytes

    Total Files Cleaned = 315.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: TEMP

    User: UpdatusUser

    User: Zach
    ->Flash cache emptied: 0 bytes

    User: zach2
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: TEMP

    User: UpdatusUser

    User: Zach
    ->Java cache emptied: 0 bytes

    User: zach2
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 07052013_103436

    Files\Folders moved on Reboot...
    C:\Users\Zach\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    I will do the rest of your instructions shortly.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.