Solved Adware, possibly other virus-HELP please :)

[mooney12]

Hey guys I got 2000hp with windows 8 new out of the box a couple weeks ago.. disabled auto protect from norton so I could download some files, and for the past week, I dunno why but I seem to have adware..
random links on text, browser redirect, and on this box as a type there is a fold out tab for ads. its really pesky. any help would be greatly appreciated

 

[Broni]

You've been to this forum before so you should know what to do...

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================

As you know by now there is not a good idea to disable your protection.

 

[mooney12]

Well thanks for the reply, scan of mbam seems to have fixed it

 

[Broni]

It doesn't work that way.
I strongly suggest you follow my previous reply.

 

[mooney12]

Well the info links and redirects stopped, but here are the logs, hope im doing this right, also, when im not connected to a website or doing anything online mbam stops malicious incoming ips?

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16482
Run by eric at 6:40:53 on 2014-02-10
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3546.1917 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\CCC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2922027A-B317-42FE-8B52-478B22E8D7E9} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2922027A-B317-42FE-8B52-478B22E8D7E9}\35A4C4962627162797 : DHCPNameServer = 75.75.75.75 76.76.76.76
TCP: Interfaces\{2922027A-B317-42FE-8B52-478B22E8D7E9}\D49636B6569737055726 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{64B38E84-6789-4740-B463-52D6C4CBC68F} : DHCPNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\25enl8xc.default\
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-11-30 80552]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-11-30 26280]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-12-24 92536]
R2 AdaptiveSleepService;AdaptiveSleepService;C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe [2013-3-14 103424]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-12-24 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-14 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-14 361984]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2013-2-1 1039160]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-12-24 2468496]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-9 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-9 701512]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2014-1-31 144368]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-12-24 239176]
R3 AmdAS4;AmdAS4 service;C:\Windows\System32\Drivers\AmdAS4.sys [2013-2-8 17504]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-2-14 94208]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-21 1526488]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2014-1-31 169048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-1-31 137648]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140207.001\IDSviA64.sys [2014-2-8 521944]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-2-9 25928]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-12-24 288328]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-12-24 760032]
R3 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2014-1-31 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2014-1-31 1139800]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2014-1-31 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2014-1-31 433752]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-12-24 58536]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2014-1-31 23448]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-9-1 647736]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-5-7 29424]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-5-7 33008]
.
=============== Created Last 30 ================
.
2014-02-10 02:46:21 -------- d-----w- C:\Users\eric\AppData\Roaming\Malwarebytes
2014-02-10 02:45:33 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-10 02:45:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-10 02:45:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 21:10:59 -------- d-----w- C:\Users\eric\AppData\Local\Macromedia
2014-02-08 20:58:08 70144 ----a-w- C:\Windows\System32\appinfo.dll
2014-02-08 20:58:08 112872 ----a-w- C:\Windows\System32\consent.exe
2014-02-08 20:03:58 1184256 ----a-w- C:\Windows\System32\Display.dll
2014-02-08 19:59:58 861184 ----a-w- C:\Windows\System32\drivers\http.sys
2014-02-08 01:42:44 733184 ----a-w- C:\Windows\System32\win32spl.dll
2014-02-07 23:51:11 2842112 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2014-02-07 23:51:11 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2014-02-07 22:45:00 -------- d-----w- C:\Users\eric\AppData\Local\Skype
2014-02-07 22:44:45 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-07 20:19:32 222720 ----a-w- C:\Windows\System32\scrobj.dll
2014-02-07 20:19:32 194048 ----a-w- C:\Windows\System32\scrrun.dll
2014-02-07 20:19:32 162304 ----a-w- C:\Windows\SysWow64\scrobj.dll
2014-02-07 20:19:32 156160 ----a-w- C:\Windows\SysWow64\scrrun.dll
2014-02-07 20:19:32 146944 ----a-w- C:\Windows\System32\cscript.exe
2014-02-07 20:19:32 143872 ----a-w- C:\Windows\System32\wshom.ocx
2014-02-07 20:19:32 115712 ----a-w- C:\Windows\SysWow64\cscript.exe
2014-02-07 18:55:38 1889280 ----a-w- C:\Windows\System32\crypt32.dll
2014-02-07 18:55:37 337408 ----a-w- C:\Windows\System32\wintrust.dll
2014-02-07 18:55:37 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2014-02-07 18:55:37 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-02-07 18:55:36 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2014-02-07 18:55:36 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2014-02-07 18:55:36 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2014-02-07 18:55:36 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2014-02-07 18:55:36 124416 ----a-w- C:\Windows\System32\apprepapi.dll
2014-02-07 17:26:16 337752 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2014-02-07 17:26:16 213336 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2014-02-07 17:11:04 2062848 ----a-w- C:\Windows\System32\d3d11.dll
2014-02-07 17:11:04 1711616 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-02-06 23:47:28 2382336 ----a-w- C:\Windows\SysWow64\esent.dll
2014-02-06 23:47:27 2851840 ----a-w- C:\Windows\System32\esent.dll
2014-02-06 22:28:17 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-02-06 22:28:17 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-02-06 02:10:32 -------- d-----w- C:\Program Files (x86)\Yahoo!
2014-02-06 00:57:39 688640 ----a-w- C:\Windows\System32\WSShared.dll
2014-02-06 00:57:39 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll
2014-02-06 00:57:39 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
2014-02-06 00:57:39 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-06 00:57:39 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2014-02-06 00:57:39 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-05 23:33:39 288768 ----a-w- C:\Windows\System32\drivers\portcls.sys
2014-02-05 23:30:02 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2014-02-05 23:30:02 25088 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2014-02-05 21:55:14 4036608 ----a-w- C:\Windows\System32\win32k.sys
2014-02-05 21:31:36 -------- d-----w- C:\Users\eric\screenshots
2014-02-05 21:31:36 -------- d-----w- C:\Users\eric\saves
2014-02-05 21:31:36 -------- d-----w- C:\Users\eric\cdimages
2014-02-05 21:31:36 -------- d-----w- C:\Users\eric\cards
2014-02-05 05:23:21 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2014-02-05 05:23:21 135680 ----a-w- C:\Windows\System32\appserverai.dll
2014-02-05 05:23:21 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
2014-02-05 05:23:21 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
2014-02-05 05:23:20 148480 ----a-w- C:\Windows\System32\poqexec.exe
2014-02-05 05:23:20 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
2014-02-05 01:47:28 10116608 ----a-w- C:\Windows\System32\twinui.dll
2014-02-05 01:47:26 8858112 ----a-w- C:\Windows\SysWow64\twinui.dll
2014-02-05 01:47:24 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2014-02-05 01:47:24 2304512 ----a-w- C:\Windows\System32\authui.dll
2014-02-05 01:47:24 2146304 ----a-w- C:\Windows\System32\actxprxy.dll
2014-02-05 01:47:23 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2014-02-05 01:47:23 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2014-02-04 20:23:19 312320 ----a-w- C:\Windows\System32\msieftp.dll
2014-02-04 20:23:18 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll
2014-02-04 18:34:59 240816 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10232.bin
2014-02-03 02:39:23 -------- d-----w- C:\Users\eric\AppData\Roaming\8BitMMO
2014-02-02 04:57:52 -------- d-----w- C:\Program Files (x86)\StarCraft
2014-02-02 04:57:52 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-02-01 23:44:31 -------- d-----w- C:\Program Files\Highlightly
2014-02-01 23:44:30 -------- d-----w- C:\Program Files (x86)\Highlightly
2014-02-01 19:59:38 -------- d-----w- C:\Users\eric\AppData\Roaming\uTorrent
2014-02-01 04:08:41 -------- d-----w- C:\Windows\System32\MRT
2014-02-01 04:00:17 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-02-01 04:00:12 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-02-01 01:59:39 796760 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2014-02-01 01:59:39 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys
2014-02-01 01:59:39 433752 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys
2014-02-01 01:59:39 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys
2014-02-01 01:59:39 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys
2014-02-01 01:59:39 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys
2014-02-01 01:59:39 169048 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys
2014-02-01 01:59:39 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2014-02-01 01:59:26 -------- d-----w- C:\Windows\System32\drivers\NISx64\1404000.028
2014-02-01 00:23:59 529424 ----a-w- C:\Windows\System32\d3dx10_37.dll
2014-01-31 23:49:35 -------- d-----w- C:\Users\eric\AppData\Local\CyberLink
2014-01-31 23:49:05 -------- d-----w- C:\Program Files (x86)\Belarc
2014-01-31 22:29:52 -------- d-----w- C:\Users\eric\AppData\Local\Diagnostics
2014-01-31 07:06:38 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-01-31 07:06:36 -------- d-----w- C:\Program Files (x86)\Steam
2014-01-31 06:07:18 -------- d-----w- C:\Program Files (x86)\Tibianic
2014-01-31 06:07:14 -------- d-----w- C:\Users\eric\AppData\Local\Programs
2014-01-31 06:06:31 -------- d-----w- C:\Users\eric\AppData\Roaming\sc68
2014-01-31 05:58:16 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-01-31 05:48:50 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2014-01-31 05:43:01 -------- d-----w- C:\Users\eric\AppData\Roaming\hpqlog
2014-01-31 05:43:00 -------- d-----w- C:\Users\eric\AppData\Local\Hewlett-Packard
2014-01-31 02:38:34 -------- d-----w- C:\Users\eric\AppData\Local\AMD
2014-01-31 02:38:17 -------- d-----w- C:\Users\eric\AppData\Local\ATI
2014-01-31 02:36:45 -------- d-----r- C:\Users\eric\Searches
2014-01-31 02:36:45 -------- d-----r- C:\Users\eric\Contacts
2014-01-31 02:34:25 -------- d-----w- C:\Users\eric\AppData\Local\Power2Go8
.
==================== Find3M ====================
.
2014-02-10 04:36:14 65536 ----a-w- C:\Windows\System32\spu_storage.bin
2014-02-01 02:00:44 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-01-30 21:10:35 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-30 21:10:35 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-24 08:47:18 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2013-12-24 08:47:17 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-12-24 08:47:17 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-12-24 08:17:02 0 ----a-w- C:\Windows\ativpsrm.bin
2013-12-04 19:46:36 58256 ----a-w- C:\Windows\System32\drivers\hlnfd.sys
.
============= FINISH: 6:42:16.48 ===============

 

[mooney12]

Mbam log (Sorry forgot to post it)
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.09.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
eric :: ENCEPHOLON [administrator]

Protection: Enabled

2/9/2014 9:48:33 PM
MBAM-log-2014-02-09 (21-55-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206805
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe (PUP.Optional.Highlightly) -> 1836 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKCR\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> No action taken.
HKCR\TypeLib\{EA3802D2-C00A-4478-9319-34075A31C28F} (PUP.Optional.Highlightly) -> No action taken.
HKCR\Interface\{483F56D2-1D67-44A5-A4C5-67DBB724F7A0} (PUP.Optional.Highlightly) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Highlightly (PUP.Optional.Highlightly) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\hlsvc (PUP.Optional.Highlightly) -> No action taken.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> No action taken.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> No action taken.

Registry Values Detected: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A1G1J1G1P1G1J1G2Q -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\hlsvc|DisplayName (PUP.Optional.Highlightly) -> Data: Highlightly Client Service -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files (x86)\Highlightly (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\3rd Party Licenses (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\IE (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\Service (PUP.Optional.Highlightly) -> No action taken.

Files Detected: 10
C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll (PUP.Optional.Highlightly) -> No action taken.
C:\Users\eric\Local Settings\Temporary Internet Files\Content.IE5\QXSCZMIX\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> No action taken.
C:\Program Files (x86)\Highlightly\terms-of-service.rtf (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\Uninstall.exe (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\buildcrx-license.txt (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\Info-ZIP-license.txt (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\nsJSON-license.txt (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\SimpleSC-license.txt (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\UAC-license.txt (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe (PUP.Optional.Highlightly) -> No action taken.

(end)

 

[Broni]

Your MBAM log says "No action taken".
Re-run MBAM fix all issues and post new log.

I still need Attach.txt log from DDS.

 

[mooney12]

MBAM LOG

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.09.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
eric :: ENCEPHOLON [administrator]

Protection: Enabled

2/9/2014 9:48:33 PM
mbam-log-2014-02-09 (21-48-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206805
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe (PUP.Optional.Highlightly) -> 1836 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKCR\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EA3802D2-C00A-4478-9319-34075A31C28F} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCR\Interface\{483F56D2-1D67-44A5-A4C5-67DBB724F7A0} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\hlsvc (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A1G1J1G1P1G1J1G2Q -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\hlsvc|DisplayName (PUP.Optional.Highlightly) -> Data: Highlightly Client Service -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files (x86)\Highlightly (PUP.Optional.Highlightly) -> Delete on reboot.
C:\Program Files (x86)\Highlightly\3rd Party Licenses (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\IE (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\Service (PUP.Optional.Highlightly) -> Delete on reboot.

Files Detected: 10
C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Users\eric\Local Settings\Temporary Internet Files\Content.IE5\QXSCZMIX\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\terms-of-service.rtf (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\Uninstall.exe (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\buildcrx-license.txt (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\Info-ZIP-license.txt (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\nsJSON-license.txt (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\SimpleSC-license.txt (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\UAC-license.txt (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe (PUP.Optional.Highlightly) -> Delete on reboot.

(end)

ATTACH.TXT LOG

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 1/30/2014 9:33:20 PM
System Uptime: 2/9/2014 10:15:15 PM (8 hours ago)
.
Motherboard: Hewlett-Packard | | 2128
Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics | Socket FT1 | 2000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 443 GiB total, 380.539 GiB free.
D: is FIXED (NTFS) - 22 GiB total, 2.227 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 1/31/2014 7:22:58 PM - Installed DirectX
RP4: 2/4/2014 1:39:18 PM - Windows Update
RP5: 2/8/2014 1:49:52 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
4 Elements II
7-Zip 9.20 (x64 edition)
8BitMMO
Adobe Flash Player 12 Plugin
Adobe Shockwave Player 11.6
Airport Mania
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Fuel
AMD Start Now
AMD VISION Engine Control Center
Azteca
Bejeweled 3
Belarc Advisor 8.4
Bonjour
Bounce Symphony
Build-a-lot
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chipamp
Counter-Strike: Source
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
Curse at Twilight
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink Power2Go 8
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Delicious: Emily's Childhood Memories Premium Edition
Energy Star
Farm Frenzy
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.1.1
House of 1000 Doors: Family Secrets
HP Customer Experience Enhancements
HP Documentation
HP MyRoom
HP Postscript Converter
HP Quick Start
HP Recovery Manager
HP Registration Service
HP Support Assistant
HP System Event Utility
HP Utility Center
HP Wireless Button Driver
Jewel Match 3
Luxor Evolved
Mah Jong Medley
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
Mystery P.I. - Curious Case of Counterfeit Cove
Norton Internet Security
OEM Application Profile
Peggle Nights
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
Polar Bowler
Qualcomm Atheros Driver Installation Program
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Roads of Rome 3
Rome: Total War
Royal Envoy 2 Collector's Edition
Skype™ 6.13
StarCraft
Steam
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
The Elder Scrolls III: Morrowind
The Elder Scrolls V: Skyrim
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
WildTangent Games
WildTangent Games App (HP Games)
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Youda Jewel Shop
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/8/2014 1:52:04 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
2/8/2014 1:50:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 8 for x64-based Systems (KB2871777).
2/5/2014 6:57:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Encepholon\eric SID (S-1-5-21-2130435127-2468948025-2318479713-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
2/5/2014 6:57:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A188DB29-2ABC-46CB-9A38-40B82CF5D051} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Encepholon\eric SID (S-1-5-21-2130435127-2468948025-2318479713-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

• Link 1
• Link 2

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[mooney12]

RogueKiller V8.8.6 [Feb 7 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : eric [Admin rights]
Mode : Remove -- Date : 02/10/2014 12:02:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HGST HTS 545050A7E380 SATA Disk Device +++++
--- User ---
[MBR] fd9c45f893067b4140b808bdc8664c76
[BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Verbatim STORE N GO USB Device +++++
--- User ---
[MBR] ad050a5850b5f5cbdfc597d303bc36c6
[BSP] 780172b6e9e55ab818cc7c36d5787f5c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 1910 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_02102014_120250.txt >>
RKreport[0]_S_02102014_120246.txt

 

[mooney12]

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16484

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.996000 GHz
Memory total: 3718516736, free: 1789538304

Initializing...
======================
------------ Kernel report ------------
02/10/2014 12:17:50
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\amd_sata.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\amd_xata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\sdbus.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\AmdAS4.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\AtihdW86.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\NISx64\1404000.028\SYMDS64.SYS
\SystemRoot\system32\drivers\NISx64\1404000.028\ccSetx64.sys
\SystemRoot\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140207.001\IDSvia64.sys
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS
\SystemRoot\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS
\SystemRoot\system32\drivers\NISx64\1404000.028\Ironx64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140121.001\BHDrvx64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140210.001\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140210.001\ENG64.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR5
Upper Device Object: 0xfffffa800bf6d280
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xfffffa800aab2060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xfffffa800b3ce060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007c\
Lower Device Object: 0xfffffa800b14ab00
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800376b740
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000004b\
Lower Device Object: 0xfffffa800378b060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004e9e060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000037\
Lower Device Object: 0xfffffa8004c19120
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004e9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004e9eb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004e9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004bdeb20, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8004c19120, DeviceName: \Device\00000037\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1E1F4777

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3912330121
GPT Header CurrentLba = 1 BackupLba 976773167
GPT Header FirstUsableLba 34 LastUsableLba 976773134
GPT Header Guid 3452183d-ea3f-466d-a370-214416171d9f
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3912330121
Backup GPT header CurrentLba = 976773167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
Backup GPT header Guid 3452183d-ea3f-466d-a370-214416171d9f
Backup GPT header Contains 128 partition entries starting at LBA 976773135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 62717b06-bf37-4e9c-bdf6-a76dbfabdf5b
FirstLBA 2048 Last LBA 821247
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID ba633fbe-8720-486e-b3d5-f07186d8359c
FirstLBA 821248 Last LBA 1353727
Attributes 0
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID fa931b46-93cb-4b31-975b-7e6a8b759399
FirstLBA 1353728 Last LBA 1615871
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 4c4be50-1f27-4730-a13d-fe2cd6306c71
FirstLBA 1615872 Last LBA 930715647
Attributes 0
Partition Name Basic data partition

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID bba5d713-52e9-46ee-af55-77cba7cc0a4
FirstLBA 930715648 Last LBA 976773119
Attributes 1
Partition Name Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800376b740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800364c760, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800376b740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800378b060, DeviceName: \Device\0000004b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 98AC2420

Partition information:

Partition 0 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 3913665
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 2003828736 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800b3ce060, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80099160b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b3ce060, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800b14ab00, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800bf6d280, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b3dab10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bf6d280, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800aab2060, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16484

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.996000 GHz
Memory total: 3718516736, free: 1907671040

Initializing...
======================
------------ Kernel report ------------
02/10/2014 12:44:18
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\amd_sata.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\amd_xata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\sdbus.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\AmdAS4.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\AtihdW86.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\NISx64\1404000.028\SYMDS64.SYS
\SystemRoot\system32\drivers\NISx64\1404000.028\ccSetx64.sys
\SystemRoot\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140207.001\IDSvia64.sys
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS
\SystemRoot\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS
\SystemRoot\system32\drivers\NISx64\1404000.028\Ironx64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140121.001\BHDrvx64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140210.001\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140210.001\ENG64.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR5
Upper Device Object: 0xfffffa800bf6d280
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xfffffa800aab2060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xfffffa800b3ce060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007c\
Lower Device Object: 0xfffffa800b14ab00
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800376b740
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000004b\
Lower Device Object: 0xfffffa800378b060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004e9e060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000037\
Lower Device Object: 0xfffffa8004c19120
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004e9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004e9eb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004e9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004bdeb20, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8004c19120, DeviceName: \Device\00000037\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1E1F4777

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3912330121
GPT Header CurrentLba = 1 BackupLba 976773167
GPT Header FirstUsableLba 34 LastUsableLba 976773134
GPT Header Guid 3452183d-ea3f-466d-a370-214416171d9f
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3912330121
Backup GPT header CurrentLba = 976773167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
Backup GPT header Guid 3452183d-ea3f-466d-a370-214416171d9f
Backup GPT header Contains 128 partition entries starting at LBA 976773135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 62717b06-bf37-4e9c-bdf6-a76dbfabdf5b
FirstLBA 2048 Last LBA 821247
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID ba633fbe-8720-486e-b3d5-f07186d8359c
FirstLBA 821248 Last LBA 1353727
Attributes 0
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID fa931b46-93cb-4b31-975b-7e6a8b759399
FirstLBA 1353728 Last LBA 1615871
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 4c4be50-1f27-4730-a13d-fe2cd6306c71
FirstLBA 1615872 Last LBA 930715647
Attributes 0
Partition Name Basic data partition

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID bba5d713-52e9-46ee-af55-77cba7cc0a4
FirstLBA 930715648 Last LBA 976773119
Attributes 1
Partition Name Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800376b740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800364c760, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800376b740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800378b060, DeviceName: \Device\0000004b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 98AC2420

Partition information:

Partition 0 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 3913665
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 2003828736 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800b3ce060, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80099160b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b3ce060, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800b14ab00, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800bf6d280, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b3dab10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bf6d280, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800aab2060, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

 

[mooney12]

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2013.10.02.12

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
eric :: ENCEPHOLON [administrator]

2/10/2014 12:44:26 PM
mbar-log-2014-02-10 (12-44-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 211796
Time elapsed: 18 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[mooney12]

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/10/2014 01:52:03 PM in x64 mode. (Safe Mode)
Windows Version: Windows 8

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Base Filtering Engine (BFE) is not Running.
Startup Type set to: Automatic

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic

* Network Store Interface Service (nsi) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* NetBT (NetBT) is not Running.
Startup Type set to: System

* NSI Proxy Service Driver (nsiproxy) is not Running.
Startup Type set to: System

* NetIO Legacy TDI Support Driver (tdx) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 02/10/2014 01:54:07 PM
Execution time: 0 hours(s), 2 minute(s), and 4 seconds(s)

 

[mooney12]

ComboFix 14-02-05.02 - eric 02/10/2014 13:21:54.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3546.1951 [GMT -5:00]
Running from: c:\users\eric\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-01-10 to 2014-02-10 )))))))))))))))))))))))))))))))
.
.
2014-02-10 17:17 . 2014-02-10 18:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-10 17:17 . 2014-02-10 17:44 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-10 17:17 . 2014-02-10 17:43 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-10 02:45 . 2014-02-10 02:45 -------- d-----w- c:\programdata\Malwarebytes
2014-02-10 02:45 . 2014-02-10 02:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-10 02:45 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-08 21:02 . 2014-02-08 21:02 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-02-08 20:58 . 2013-03-06 07:10 112872 ----a-w- c:\windows\system32\consent.exe
2014-02-08 20:58 . 2013-03-06 06:29 70144 ----a-w- c:\windows\system32\appinfo.dll
2014-02-08 20:03 . 2012-11-20 05:24 1164800 ----a-w- c:\windows\SysWow64\Display.dll
2014-02-08 19:59 . 2013-03-15 00:17 861184 ----a-w- c:\windows\system32\drivers\http.sys
2014-02-08 01:42 . 2013-04-27 05:20 733184 ----a-w- c:\windows\system32\win32spl.dll
2014-02-07 23:51 . 2013-05-04 06:59 2842112 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-02-07 23:51 . 2013-05-04 04:57 2620928 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2014-02-07 22:44 . 2014-02-07 22:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-02-07 22:44 . 2014-02-07 22:44 -------- d-----r- c:\program files (x86)\Skype
2014-02-07 22:44 . 2014-02-07 22:44 -------- d-----w- c:\programdata\Skype
2014-02-07 20:19 . 2013-10-10 09:32 115712 ----a-w- c:\windows\SysWow64\cscript.exe
2014-02-07 20:19 . 2013-10-10 09:30 162304 ----a-w- c:\windows\SysWow64\scrobj.dll
2014-02-07 20:19 . 2013-10-10 09:30 156160 ----a-w- c:\windows\SysWow64\scrrun.dll
2014-02-07 20:19 . 2013-10-10 09:24 143872 ----a-w- c:\windows\system32\wshom.ocx
2014-02-07 20:19 . 2013-10-10 09:23 146944 ----a-w- c:\windows\system32\cscript.exe
2014-02-07 20:19 . 2013-10-10 09:22 222720 ----a-w- c:\windows\system32\scrobj.dll
2014-02-07 20:19 . 2013-10-10 09:22 194048 ----a-w- c:\windows\system32\scrrun.dll
2014-02-07 18:55 . 2013-07-13 06:16 1889280 ----a-w- c:\windows\system32\crypt32.dll
2014-02-07 18:55 . 2013-07-13 06:18 337408 ----a-w- c:\windows\system32\wintrust.dll
2014-02-07 18:55 . 2013-07-13 04:24 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
2014-02-07 18:55 . 2013-07-13 04:23 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
2014-02-07 18:55 . 2013-07-13 06:16 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2014-02-07 18:55 . 2013-07-13 06:15 98304 ----a-w- c:\windows\system32\apprepsync.dll
2014-02-07 18:55 . 2013-07-13 06:15 124416 ----a-w- c:\windows\system32\apprepapi.dll
2014-02-07 18:55 . 2013-07-13 04:23 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
2014-02-07 18:55 . 2013-07-13 04:23 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
2014-02-07 17:26 . 2013-07-02 01:41 337752 ----a-w- c:\windows\system32\drivers\USBXHCI.SYS
2014-02-07 17:26 . 2013-07-02 01:41 213336 ----a-w- c:\windows\system32\drivers\UCX01000.SYS
2014-02-07 17:11 . 2013-08-23 07:22 2062848 ----a-w- c:\windows\system32\d3d11.dll
2014-02-07 17:11 . 2013-08-23 01:44 1711616 ----a-w- c:\windows\SysWow64\d3d11.dll
2014-02-06 23:47 . 2013-03-22 03:49 2382336 ----a-w- c:\windows\SysWow64\esent.dll
2014-02-06 23:47 . 2013-03-21 22:47 2851840 ----a-w- c:\windows\system32\esent.dll
2014-02-06 22:28 . 2013-11-23 06:43 420864 ----a-w- c:\windows\system32\WMPhoto.dll
2014-02-06 22:28 . 2013-11-23 05:05 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-02-06 02:14 . 2014-02-06 02:14 -------- d-----w- c:\programdata\Yahoo! Companion
2014-02-06 02:14 . 2014-02-06 02:14 -------- d-----w- c:\programdata\Yahoo!
2014-02-06 02:10 . 2014-02-06 02:14 -------- d-----w- c:\program files (x86)\Yahoo!
2014-02-06 00:57 . 2013-12-07 06:37 688640 ----a-w- c:\windows\system32\WSShared.dll
2014-02-06 00:57 . 2013-12-07 06:37 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-06 00:57 . 2013-12-07 05:15 562688 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-02-06 00:57 . 2013-12-07 05:15 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-06 00:57 . 2013-08-16 05:21 198656 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.dll
2014-02-06 00:57 . 2013-08-15 22:43 143872 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2014-02-05 23:33 . 2013-09-28 03:35 288768 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-02-05 23:30 . 2013-04-02 23:37 25088 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2014-02-05 23:30 . 2013-04-02 23:12 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2014-02-05 21:55 . 2013-11-06 23:18 4036608 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 05:23 . 2013-08-07 05:15 144896 ----a-w- c:\windows\system32\tssdisai.dll
2014-02-05 05:23 . 2012-11-10 04:22 122880 ----a-w- c:\windows\system32\VmHostAI.dll
2014-02-05 05:23 . 2012-11-10 04:22 126976 ----a-w- c:\windows\system32\RDWebAI.dll
2014-02-05 05:23 . 2012-11-10 04:20 135680 ----a-w- c:\windows\system32\appserverai.dll
2014-02-05 05:23 . 2012-11-10 04:23 132608 ----a-w- c:\windows\SysWow64\poqexec.exe
2014-02-05 05:23 . 2012-11-10 04:23 148480 ----a-w- c:\windows\system32\poqexec.exe
2014-02-05 01:47 . 2013-08-02 06:28 10116608 ----a-w- c:\windows\system32\twinui.dll
2014-02-05 01:47 . 2013-08-02 05:08 8858112 ----a-w- c:\windows\SysWow64\twinui.dll
2014-02-05 01:47 . 2013-10-01 23:26 2304512 ----a-w- c:\windows\system32\authui.dll
2014-02-05 01:47 . 2013-03-02 02:43 2146304 ----a-w- c:\windows\system32\actxprxy.dll
2014-02-05 01:47 . 2013-02-07 01:33 754176 ----a-w- c:\windows\SysWow64\actxprxy.dll
2014-02-05 01:47 . 2013-10-01 23:37 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2014-02-05 01:47 . 2013-03-02 10:39 69864 ----a-w- c:\windows\system32\drivers\pdc.sys
2014-02-04 20:23 . 2013-11-01 05:38 312320 ----a-w- c:\windows\system32\msieftp.dll
2014-02-04 20:23 . 2013-11-01 03:49 273408 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-02-04 18:34 . 2014-02-04 18:34 240816 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10232.bin
2014-02-02 04:57 . 2014-02-02 18:31 -------- d-----w- c:\program files (x86)\StarCraft
2014-02-02 04:57 . 2014-02-02 04:59 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2014-02-01 23:44 . 2014-02-01 23:44 -------- d-----w- c:\program files\Highlightly
2014-02-01 23:44 . 2014-02-10 03:15 -------- d-----w- c:\program files (x86)\Highlightly
2014-02-01 04:08 . 2014-02-01 04:10 -------- d-----w- c:\windows\system32\MRT
2014-02-01 04:00 . 2014-02-01 04:00 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-02-01 04:00 . 2014-02-01 04:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-02-01 01:59 . 2014-02-02 08:58 -------- d-----w- c:\windows\system32\drivers\NISx64\1404000.028
2014-02-01 00:23 . 2008-03-06 00:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2014-01-31 23:49 . 2014-01-31 23:49 -------- d-----w- c:\program files (x86)\Belarc
2014-01-31 10:27 . 2014-02-01 21:03 -------- d--h--r- c:\users\Public\AccountPictures
2014-01-31 07:06 . 2014-01-31 22:25 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-01-31 07:06 . 2014-02-10 16:59 -------- d-----w- c:\program files (x86)\Steam
2014-01-31 06:07 . 2014-02-01 01:10 -------- d-----w- c:\program files (x86)\Tibianic
2014-01-31 05:58 . 2014-01-31 05:58 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2014-01-31 05:48 . 2014-01-31 05:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2014-01-31 05:48 . 2014-01-31 06:05 -------- d-----w- c:\program files (x86)\Winamp
2014-01-31 02:33 . 2014-02-05 21:31 -------- d-----w- c:\users\eric
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-10 12:35 . 2013-12-24 08:17 65536 ----a-w- c:\windows\system32\spu_storage.bin
2014-02-01 02:00 . 2013-12-24 08:55 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-01-31 05:42 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-01-30 21:10 . 2012-07-26 08:14 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-30 21:10 . 2012-07-26 08:14 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-24 08:47 . 2013-12-24 08:47 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2013-12-24 08:47 . 2013-12-24 08:47 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-12-24 08:47 . 2013-12-24 08:47 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-12-04 19:46 . 2013-12-04 19:46 58256 ----a-w- c:\windows\system32\drivers\hlnfd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-14 642656]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"HPMessageService"="c:\program files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe" [2013-02-25 1045304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EraserUtilDrv11210;EraserUtilDrv11210;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [x]
R3 EraserUtilDrv11312;EraserUtilDrv11312;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SymELAM.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AdaptiveSleepService;AdaptiveSleepService;c:\program files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe;c:\program files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S3 AmdAS4;AmdAS4 service;c:\windows\System32\drivers\AmdAS4.sys;c:\windows\SYSNATIVE\drivers\AmdAS4.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140121.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [x]
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140207.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140207.001\IDSvia64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-08 21:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}]
2013-12-04 19:46 180840 ----a-w- c:\program files\Highlightly\IE\HighlightlyClientIE.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\25enl8xc.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-02-10 13:35:16
ComboFix-quarantined-files.txt 2014-02-10 18:35
.
Pre-Run: 404,858,613,760 bytes free
Post-Run: 404,710,256,640 bytes free
.
- - End Of File - - C9187D0F58E7EF5BFCA1C68E686593BE
5FB38429D5D77768867C76DCBDB35194

 

[Broni]

Looks good.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[mooney12]

# AdwCleaner v3.018 - Report created 10/02/2014 at 14:06:57
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : eric - ENCEPHOLON
# Running from : C:\Users\eric\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Start Now Technology.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\25enl8xc.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2095 octets] - [10/02/2014 14:06:18]
AdwCleaner[S0].txt - [2027 octets] - [10/02/2014 14:06:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2087 octets] ##########

 

[mooney12]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 x64
Ran by eric on Mon 02/10/2014 at 14:11:58.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{02CC3E92-961B-4215-8FC7-2A1553BA8A21}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{02CC3E92-961B-4215-8FC7-2A1553BA8A21}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{02CC3E92-961B-4215-8FC7-2A1553BA8A21}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{02CC3E92-961B-4215-8FC7-2A1553BA8A21}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/10/2014 at 14:21:28.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[mooney12]

OTL logfile created on: 2/10/2014 2:24:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\eric\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.46 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 68.29% Memory free
4.09 Gb Paging File | 2.83 Gb Available in Paging File | 69.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.03 Gb Total Space | 376.87 Gb Free Space | 85.07% Space Free | Partition Type: NTFS
Drive D: | 21.96 Gb Total Space | 2.23 Gb Free Space | 10.14% Space Free | Partition Type: NTFS
Computer Name: ENCEPHOLON | User Name: eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/02/10 14:21:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\eric\Downloads\OTL.exe
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/25 14:39:26 | 001,045,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2013/02/01 18:00:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2012/07/13 18:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/06/07 22:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/08 14:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 22:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/05/30 01:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 19:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 17:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 13:48:19 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/06/01 13:48:19 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/06/01 13:36:12 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/06/01 13:07:00 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/06/01 04:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 01:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/14 14:16:14 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/03/14 02:42:12 | 000,103,424 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe -- (AdaptiveSleepService)
SRV:64bit: - [2013/03/14 02:41:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/03/04 17:28:40 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/03/04 17:28:24 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2014/02/08 16:09:12 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/28 01:54:11 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/27 14:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/01 13:36:12 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/01 18:00:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/11/15 18:49:48 | 002,468,496 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/09/27 13:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 22:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 22:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/01/31 21:00:44 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/10 06:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 01:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/01 21:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 01:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 03:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 19:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 17:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 01:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 13:48:19 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/06/01 13:40:41 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/06/01 13:36:12 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/06/01 13:27:49 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/06/01 13:09:36 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/06/01 13:06:22 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/06/01 13:06:22 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/05/31 22:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/23 00:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 00:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 00:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/05/07 19:41:50 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/05/07 19:41:48 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/05/07 19:41:48 | 000,029,424 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/04/24 19:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/16 06:55:42 | 003,786,752 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/14 15:05:02 | 011,644,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/14 13:47:58 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/03/04 20:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 20:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/14 22:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/02/08 09:45:32 | 000,017,504 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmdAS4.sys -- (AmdAS4)
DRV:64bit: - [2013/01/23 19:29:56 | 000,288,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/12/27 20:01:36 | 000,760,032 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/11/30 17:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/11/30 17:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/09/01 21:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/31 12:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/28 23:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys --

 

[mooney12]

OTL CONTINUED

(NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/25 13:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/20 16:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symelam.sys -- (SymELAM)
DRV:64bit: - [2012/06/02 09:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV - [2014/01/31 01:14:46 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140210.001\ex64.sys -- (NAVEX15)
DRV - [2014/01/31 01:14:46 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/01/31 01:14:46 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/01/31 01:14:46 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140210.001\eng64.sys -- (NAVENG)
DRV - [2014/01/30 20:01:04 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140207.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/21 06:37:32 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140121.001\BHDrvx64.sys -- (BHDrvx64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{02CC3E92-961B-4215-8FC7-2A1553BA8A21}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{02CC3E92-961B-4215-8FC7-2A1553BA8A21}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2130435127-2468948025-2318479713-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKU\S-1-5-21-2130435127-2468948025-2318479713-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2130435127-2468948025-2318479713-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE - HKU\S-1-5-21-2130435127-2468948025-2318479713-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-2130435127-2468948025-2318479713-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2014/01/31 02:22:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2014/02/10 14:10:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014/02/08 16:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eric\AppData\Roaming\Mozilla\Extensions
[2014/02/08 16:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\25enl8xc.default\extensions
[2014/02/08 16:05:22 | 000,555,162 | ---- | M] () (No name found) -- C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\25enl8xc.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2014/02/08 16:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/08 16:02:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2130435127-2468948025-2318479713-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2130435127-2468948025-2318479713-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2130435127-2468948025-2318479713-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2922027A-B317-42FE-8B52-478B22E8D7E9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64B38E84-6789-4740-B463-52D6C4CBC68F}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/02/10 14:13:37 | 000,000,000 | ---D | C] -- C:\Users\eric\Desktop\malware removal stuff
[2014/02/10 14:11:55 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/10 14:05:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/10 13:35:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/02/10 13:35:21 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\temp
[2014/02/10 13:31:24 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/02/10 13:19:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/02/10 13:19:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/02/10 13:19:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2014/02/10 13:19:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/02/10 13:18:02 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\CrashDumps
[2014/02/10 13:17:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/10 13:16:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/02/10 12:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/02/10 12:17:49 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/10 12:17:34 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/09 21:46:21 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Malwarebytes
[2014/02/09 21:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/09 21:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/09 21:45:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/09 21:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/08 16:10:59 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\Macromedia
[2014/02/08 16:02:24 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Mozilla
[2014/02/08 16:02:24 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\Mozilla
[2014/02/08 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/02/08 16:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/02/08 16:02:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/07 17:45:00 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\Skype
[2014/02/07 17:44:53 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Skype
[2014/02/07 17:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/02/07 17:44:45 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/02/07 17:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/02/07 17:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/02/05 21:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2014/02/05 21:14:13 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Yahoo!
[2014/02/05 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2014/02/05 21:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/02/05 21:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2014/02/05 16:31:36 | 000,000,000 | ---D | C] -- C:\Users\eric\screenshots
[2014/02/05 16:31:36 | 000,000,000 | ---D | C] -- C:\Users\eric\saves
[2014/02/05 16:31:36 | 000,000,000 | ---D | C] -- C:\Users\eric\cdimages
[2014/02/05 16:31:36 | 000,000,000 | ---D | C] -- C:\Users\eric\cards
[2014/02/04 23:10:51 | 000,000,000 | ---D | C] -- C:\Users\eric\Desktop\ps1
[2014/02/04 20:03:12 | 000,000,000 | ---D | C] -- C:\Users\eric\Desktop\psx
[2014/02/02 21:39:23 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\8BitMMO
[2014/02/02 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\eric\Desktop\triforce
[2014/02/01 23:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft
[2014/02/01 23:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft
[2014/02/01 23:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2014/02/01 19:50:13 | 000,000,000 | ---D | C] -- C:\Users\eric\Desktop\StarCraft 1.15.2 enUS Installer
[2014/02/01 18:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Highlightly
[2014/02/01 18:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Highlightly
[2014/02/01 18:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/02/01 18:41:22 | 000,000,000 | ---D | C] -- C:\Users\eric\Desktop\zsnes
[2014/02/01 18:30:28 | 001,974,352 | ---- | C] (None) -- C:\Users\eric\Desktop\VisualBoyAdvance.exe
[2014/02/01 14:59:38 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\uTorrent
[2014/01/31 23:08:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/01/31 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\eric\Desktop\tibia
[2014/01/31 19:24:44 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\Skyrim
[2014/01/31 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\eric\Documents\My Games
[2014/01/31 18:49:35 | 000,000,000 | ---D | C] -- C:\Users\eric\Documents\Youcam
[2014/01/31 18:49:35 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\CyberLink
[2014/01/31 18:49:35 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\CyberLink
[2014/01/31 18:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2014/01/31 17:29:52 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\Diagnostics
[2014/01/31 02:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2014/01/31 02:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2014/01/31 02:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2014/01/31 01:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibianic
[2014/01/31 01:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibianic
[2014/01/31 01:07:14 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\Programs
[2014/01/31 01:06:31 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\sc68
[2014/01/31 01:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chipamp
[2014/01/31 00:58:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/01/31 00:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2014/01/31 00:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2014/01/31 00:48:42 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Winamp
[2014/01/31 00:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2014/01/31 00:43:01 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\hpqlog
[2014/01/31 00:43:00 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\Hewlett-Packard
[2014/01/31 00:42:53 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Macromedia
[2014/01/31 00:42:40 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Hewlett-Packard
[2014/01/30 21:38:34 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\AMD
[2014/01/30 21:38:17 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\ATI
[2014/01/30 21:38:17 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\ATI
[2014/01/30 21:36:45 | 000,000,000 | R--D | C] -- C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/01/30 21:36:45 | 000,000,000 | R--D | C] -- C:\Users\eric\Searches
[2014/01/30 21:36:45 | 000,000,000 | R--D | C] -- C:\Users\eric\Contacts
[2014/01/30 21:36:45 | 000,000,000 | R--D | C] -- C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/01/30 21:36:45 | 000,000,000 | -H-D | C] -- C:\Users\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/01/30 21:36:24 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Adobe
[2014/01/30 21:36:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2014/01/30 21:34:25 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\Power2Go8
[2014/01/30 21:33:47 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Synaptics
[2014/01/30 21:33:42 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\VirtualStore
[2014/01/30 21:33:37 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\Packages
[2014/01/30 21:33:32 | 000,000,000 | --SD | C] -- C:\Users\eric\AppData\Roaming\Microsoft
[2014/01/30 21:33:32 | 000,000,000 | R--D | C] -- C:\Users\eric\Videos
[2014/01/30 21:33:32 | 000,000,000 | R--D | C] -- C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/01/30 21:33:32 | 000,000,000 | R--D | C] -- C:\Users\eric\Saved Games
[2014/01/30 21:33:32 | 000,000,000 | R--D | C] -- C:\Users\eric\Pictures
[2014/01/30 21:33:32 | 000,000,000 | R--D | C] -- C:\Users\eric\Music
[2014/01/30 21:33:32 | 000,000,000 | R--D | C] -- C:\Users\eric\Links
[2014/01/30 21:33:32 | 000,000,000 | R--D | C] -- C:\Users\eric\Favorites
[2014/01/30 21:33:32 | 000,000,000 | R--D | C] -- C:\Users\eric\Downloads
[2014/01/30 21:33:32 | 000,000,000 | R--D | C] -- C:\Users\eric\Documents
[2014/01/30 21:33:32 | 000,000,000 | R--D | C] -- C:\Users\eric\Desktop
[2014/01/30 21:33:32 | 000,000,000 | R--D | C] -- C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/01/30 21:33:32 | 000,000,000 | R--D | C] -- C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\AppData\Local\Temporary Internet Files
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\Templates
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\Start Menu
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\SendTo
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\Recent
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\PrintHood
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\NetHood
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\Documents\My Videos
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\Documents\My Pictures
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\Documents\My Music
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\My Documents
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\Local Settings
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\AppData\Local\History
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\Cookies
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\Application Data
[2014/01/30 21:33:32 | 000,000,000 | -HSD | C] -- C:\Users\eric\AppData\Local\Application Data
[2014/01/30 21:33:32 | 000,000,000 | -H-D | C] -- C:\Users\eric\Documents\hp.system.package.metadata
[2014/01/30 21:33:32 | 000,000,000 | -H-D | C] -- C:\Users\eric\Documents\hp.applications.package.appdata
[2014/01/30 21:33:32 | 000,000,000 | -H-D | C] -- C:\Users\eric\AppData
[2014/01/30 21:33:32 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Local\Microsoft
[2014/01/30 21:33:32 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/01/30 21:33:16 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 30 Days ==========
[2014/02/10 14:15:29 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/10 14:15:29 | 000,783,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/10 14:15:29 | 000,158,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/10 14:10:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/10 14:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/10 14:08:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/02/10 14:08:02 | 2974,810,112 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/10 14:01:26 | 002,649,479 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2014/02/10 13:51:16 | 000,281,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/10 12:44:18 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/10 12:43:40 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/10 07:35:58 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\spu_storage.bin
[2014/02/09 21:45:35 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/08 16:02:16 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/02/08 15:40:04 | 000,002,427 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/02/07 17:44:47 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/02/05 21:14:03 | 000,001,172 | ---- | M] () -- C:\Users\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2014/02/05 14:18:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/02/02 21:39:04 | 000,002,090 | ---- | M] () -- C:\Users\eric\Desktop\vba.ini
[2014/02/02 13:26:15 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk
[2014/02/01 18:39:58 | 000,065,536 | ---- | M] () -- C:\Users\eric\Desktop\1141 - Final Fantasy Tactics Advance (U)(Eurasia).sav
[2014/02/01 15:00:11 | 000,000,860 | ---- | M] () -- C:\Users\eric\Desktop\µTorrent.lnk
[2014/02/01 15:00:11 | 000,000,840 | ---- | M] () -- C:\Users\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/01/31 21:00:44 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/31 21:00:44 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/31 21:00:44 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/31 18:49:06 | 000,002,155 | ---- | M] () -- C:\Users\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2014/01/31 18:49:06 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2014/01/31 02:06:37 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2014/01/31 00:49:13 | 000,001,014 | ---- | M] () -- C:\Users\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2014/01/31 00:49:13 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2014/01/30 21:38:10 | 000,001,435 | ---- | M] () -- C:\Users\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
========== Files Created - No Company Name ==========
[2014/02/10 13:51:01 | 000,281,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/10 13:19:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/10 13:19:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/10 13:19:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/10 13:19:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/10 13:19:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/10 06:55:56 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/02/09 21:45:35 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/08 16:09:13 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/08 16:02:16 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/02/08 16:02:14 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/02/08 15:40:04 | 000,002,427 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/02/08 15:02:45 | 000,385,528 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2014/02/07 17:44:47 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/02/05 21:14:02 | 000,001,172 | ---- | C] () -- C:\Users\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2014/02/05 14:18:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/02/01 23:57:53 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk
[2014/02/01 18:39:58 | 000,065,536 | ---- | C] () -- C:\Users\eric\Desktop\1141 - Final Fantasy Tactics Advance (U)(Eurasia).sav
[2014/02/01 18:30:31 | 000,002,090 | ---- | C] () -- C:\Users\eric\Desktop\vba.ini
[2014/02/01 18:30:00 | 016,777,216 | ---- | C] () -- C:\Users\eric\Desktop\1141 - Final Fantasy Tactics Advance (U)(Eurasia).gba
[2014/02/01 15:00:11 | 000,000,860 | ---- | C] () -- C:\Users\eric\Desktop\µTorrent.lnk
[2014/02/01 15:00:11 | 000,000,840 | ---- | C] () -- C:\Users\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/01/31 18:49:06 | 000,002,155 | ---- | C] () -- C:\Users\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2014/01/31 18:49:05 | 000,002,143 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2014/01/31 18:49:05 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2014/01/31 02:06:37 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2014/01/31 00:49:13 | 000,001,014 | ---- | C] () -- C:\Users\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2014/01/31 00:49:13 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2014/01/30 21:38:10 | 000,001,435 | ---- | C] () -- C:\Users\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/30 21:36:24 | 000,001,441 | ---- | C] () -- C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/01/30 21:33:32 | 000,002,096 | ---- | C] () -- C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2014/01/30 21:33:32 | 000,000,352 | ---- | C] () -- C:\Users\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/01/30 21:33:32 | 000,000,334 | ---- | C] () -- C:\Users\eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/12/24 03:17:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/03/14 14:37:00 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/03/14 14:37:00 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/14 12:49:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/03/14 12:49:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 04:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/08/03 17:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 15:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 15:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 15:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== ZeroAccess Check ==========
[2013/06/01 13:48:35 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 01:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 00:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/02/02 21:39:23 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\8BitMMO
[2014/01/31 01:33:16 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\sc68
[2014/01/30 21:33:47 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\Synaptics
[2014/02/10 13:16:23 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\uTorrent
========== Purity Check ==========

< End of report >

 

[mooney12]

OTL Extras logfile created on: 2/10/2014 2:24:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\eric\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.46 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 68.29% Memory free
4.09 Gb Paging File | 2.83 Gb Available in Paging File | 69.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.03 Gb Total Space | 376.87 Gb Free Space | 85.07% Space Free | Partition Type: NTFS
Drive D: | 21.96 Gb Total Space | 2.23 Gb Free Space | 10.14% Space Free | Partition Type: NTFS
Computer Name: ENCEPHOLON | User Name: eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2130435127-2468948025-2318479713-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0702C7CD-B7E5-46A1-847F-6A6635D0ECF7}" = lport=137 | protocol=17 | dir=in | app=system |
"{1769421C-5536-4F5C-9970-2284ABFCABFF}" = rport=445 | protocol=6 | dir=out | app=system |
"{24830017-E584-4983-BCAD-51E86506E6BD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{27642A38-077E-4D3B-924B-3A8B56396910}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28409561-E638-41CD-977D-11C98128E404}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B1FBB4A-86AC-44E4-8971-618944036AD5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5ABBC6A1-7DE9-468B-AF91-F3F6241BDBB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{626D85AE-24F3-4CE4-9AE3-ED148339443E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{85F05D11-0481-4F3C-9F6B-2A31E1877DD3}" = rport=137 | protocol=17 | dir=out | app=system |
"{9FBB5855-EF5D-4AE8-9C40-786E3BFECA55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3D2BFA3-9BD9-474F-853C-E604963C89E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B6037E03-B7B5-4666-A03E-3B8A597F9F32}" = lport=445 | protocol=6 | dir=in | app=system |
"{C05A6B3E-8B5E-4509-B1EE-971B84DB868E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CBE3E77D-88FC-4F91-BF1E-610B4196FBA8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CE72F397-91BC-49B0-9E77-C12D587F4860}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2FF0947-AF7A-4686-9F6E-A790B5AED4B5}" = lport=139 | protocol=6 | dir=in | app=system |
"{E41D20B4-F44E-4BC0-9517-92CDA4DF0073}" = rport=138 | protocol=17 | dir=out | app=system |
"{EAD999F9-6684-4287-AE98-3BB7A519C188}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED6C7784-5A3E-4BCF-94C2-AB65256B25BA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F1ABE5F0-8B16-4186-A5E0-392445D6B9E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4470EE2-FE98-45AF-8C49-E379C3702FC3}" = lport=138 | protocol=17 | dir=in | app=system |
"{F5F1C527-D912-470E-A5DB-859E0C411D5D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FB566D04-B7CB-4184-A25D-3D9AFEB45AE2}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10A68C49-ADC4-4D2C-8454-DE94B370BC85}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{126652FF-1E47-4E23-A6F5-D52BEBC6FCEA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{12890E92-5732-4D16-A6E4-7246FA4839DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{130827BD-78DB-4437-BB02-F6D2C2623071}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1C2F2ED0-4D1C-4CE8-97F8-96160D62831A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1CBD2517-B190-488D-B5A0-005230348D8F}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{1CD704E9-31F6-4581-8D7B-2A15B5F62C87}" = dir=out | name=kindle |
"{1D260215-494B-4187-8AA0-207CE57E72CF}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{1E98988C-8D65-4A83-AAF5-6714FFD2C92E}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{1EEF3F55-31F0-47F0-9FBC-7FF4A77D12B8}" = dir=in | name=savings center featured offers |
"{2381EC17-004F-4211-B352-D635237AE1E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{23A93B2E-8F53-4602-845D-1496B01E3DE3}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{24045D66-6AE0-4638-B7FA-1648E2209737}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |
"{2B8DDDF2-DF58-4B1F-AFEF-5FBD336A2A9F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2BFD6D84-E1E2-49BD-BC63-E26626BAE47A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2CAA21B2-33CA-4FE7-9A7B-7A3FCD847A22}" = protocol=58 | dir=in | app=system |
"{2CF502E8-7D46-44B3-A25B-21B990181186}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2F7B94A9-B64D-484E-BD4B-8F91889A538F}" = dir=in | name=hp connected photo powered by snapfish |
"{31BF5A0B-2369-4AD7-9C83-CB924665206D}" = dir=out | name=getting started with windows 8 |
"{32108B6C-DEEE-481A-93F5-05777771A0E8}" = dir=in | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{35D01CCC-2AA1-4A34-A278-41A93E8CC370}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{368A7593-DA45-4102-9C28-CC96F1E54937}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{40269640-5452-4316-A7B3-C29EA4C54308}" = dir=out | name=youcam for hp |
"{42035821-C559-49BE-B91B-64BDCF307486}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4322ED11-798F-4295-8D94-D77C79058237}" = dir=out | name=hp connected photo powered by snapfish |
"{45F17C05-71F0-4187-B006-AA4D410FC744}" = dir=out | name=ebay |
"{4D70AD13-3DED-407C-AA41-8E15D1E5B6BD}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{4EE17BAF-B37F-4C5E-9881-910C7F9A9298}" = protocol=6 | dir=out | app=system |
"{50EE17D4-9482-4D37-BB04-993304C51FEF}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{51FF003E-5E3D-4ABD-8D08-8E08E7F7E821}" = dir=out | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{52B01E77-FF59-4451-8414-A0189A7EAFE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56AAD9E3-A9FF-4AA7-AEAB-B3ED5F56B303}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{58EAB193-727A-48ED-92AF-5CC74B22AB11}" = dir=in | name=ebay |
"{595EAB62-8B6E-4A4D-A621-9EA9E6CA37A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A47B34A-905A-4355-A523-9B20086BB454}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{5E44CE68-2938-4EC2-B7E2-D98598CD6840}" = dir=out | name=box |
"{639AAE5C-94DD-42FD-B9DA-01785961144B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65A31096-749C-43FE-A7BC-99AFAFA7FC86}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{67E54DCA-AFB8-41EB-9A83-FCE4234779AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69D05047-950A-4A46-AA89-FFE80C735594}" = dir=out | name=microsoft mahjong |
"{6A6C92E5-ABBA-4D83-AA8A-E77DCCE1EAE1}" = protocol=17 | dir=in | app=c:\users\eric\appdata\roaming\utorrent\utorrent.exe |
"{71D6DADF-D289-48C8-8CF3-95B47B0395CB}" = dir=out | name=microsoft solitaire collection |
"{72185800-3A47-41E6-8F42-9991817A4EF4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7AB90A27-0A41-4C83-A3A8-6C26DD99CFA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{7D6CD3C1-DE69-4857-9B33-16690105A6C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\8bitmmo\jre\bin\javaw.exe |
"{7D896CCC-4490-4166-BAD3-B503EF49FE29}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{821432DB-901F-43C5-BEA5-2BFF0F8A1F92}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{865968A2-97BB-4DC9-95A5-6DE55F49089F}" = dir=out | name=hp registration |
"{87480CB5-51E9-41CA-A3FA-2DAEF83C4BFD}" = dir=out | name=norton studio |
"{87F39DC3-A5DB-4F9B-87D8-BF168D04E9BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A196D9D-7D89-45F6-B494-4BDC1E460AF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8AC8F378-D421-4A41-BCCB-C03E88BCC6E0}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{8B8E2344-29C0-47BC-BB32-D63BDC3FA9EA}" = dir=in | name=box |
"{8C1251B1-2899-4F8C-91F6-26FC796B76CA}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{8C52FFB3-FA72-4DC9-AF6D-72B3DB5CBC77}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{93CA5FF2-AD07-4735-B6D8-C4DDA30DC2C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{950BE5F5-F7C3-4934-BD49-AE842A180BFA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{95B21973-7A11-4EFF-AF78-8DB6DCD0F7F0}" = dir=out | name=hp+ |
"{97F33EE9-4F05-46E8-9236-F697491C5009}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
"{9813F1BB-A335-46C5-8292-51A1B3B608E4}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{9A1A10F0-0944-4A64-B856-CE71AED70D83}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9DE4B770-19AC-4306-8C13-03973931E363}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9F96FF87-C310-42FD-9117-CED700614B85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A21DA6A0-59A8-442D-876A-1E5D6454428D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{A653C3B1-4A30-42EE-96CA-55865EA66276}" = dir=out | name=savings center featured offers |
"{A6B0A78E-63C1-4798-ACE0-DAAC88A262F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AA213117-DCC7-4927-9E97-D8D1AC1D2E5A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B03B7273-F97D-4674-8AA2-D75D2671FA5B}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{B457F2C4-D312-4E30-A99F-64C283D90132}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9CA409C-AC50-46CC-8019-1CCA7C29BF73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCC95183-D717-40A0-81AC-041F29E9D6E8}" = dir=out | name=netflix |
"{BD0A7D96-6CEA-4170-9934-F38B70B35664}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
"{C09E1CF9-D64B-4051-8289-0D26145FF65F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C188D4E4-6C4F-4240-8BA4-F7F7A7C8DB74}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{C4148DD5-C820-446E-B48C-FB9B868BD85E}" = dir=out | name=hp games |
"{C8316680-5F7F-4397-A76A-60E1B8A7CECC}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{C83328D4-2193-44D3-8DBD-325774727CC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\8bitmmo\jre\bin\javaw.exe |
"{C8A27E33-AD51-4C1E-A5D6-5D03C80856E2}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D1BA5913-8EE4-4B91-9904-B384B8B5223E}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{DF858A6A-EBB8-4030-9991-9C5E374AE4AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E514E9CD-6660-47C5-B93A-339FE4DC0AD6}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{E5308E32-1F9E-4876-9C47-5865C5D1951D}" = dir=out | name=windows_ie_ac_001 |
"{E697E561-7496-4457-AC4F-2ABB215F5F63}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E8F780AF-4B06-4A59-BD0F-06319743185F}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{EDDC3AB4-763E-492B-A6AC-D43927495C93}" = protocol=6 | dir=in | app=c:\users\eric\appdata\roaming\utorrent\utorrent.exe |
"{F45F2070-D886-4CC3-96CF-F535924CE01D}" = dir=in | name=hp+ |
"{FD05C972-557E-4101-86AE-63389DDB93CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{FEA3A305-B7C0-400C-97FD-F0B6A57DBA2E}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{1CEB6378-9857-49A7-8130-AED57078A51B}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"TCP Query User{AF735CA3-58A5-4102-B01D-AF3B1A63BAB8}C:\users\eric\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\eric\downloads\downloader_starcraft_combo_enus.exe |
"TCP Query User{C03FFAFF-75CB-43B6-AD66-8181B64AC951}C:\users\eric\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\eric\downloads\downloader_starcraft_combo_enus.exe |
"TCP Query User{C873C590-EFAE-4D13-A4EC-241C8F1E3ECE}C:\users\eric\appdata\local\microsoft\windows\temporary internet files\content.ie5\by2oxifa\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\eric\appdata\local\microsoft\windows\temporary internet files\content.ie5\by2oxifa\downloader_starcraft_combo_enus.exe |
"UDP Query User{0A6E21D5-037E-4DB3-B95D-B582164BF765}C:\users\eric\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\eric\downloads\downloader_starcraft_combo_enus.exe |
"UDP Query User{4DDBCA35-7CFC-4154-9EF5-E0AF7602B6C6}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{802C3FC5-F507-460B-ACDD-19AFCFCCA0E4}C:\users\eric\appdata\local\microsoft\windows\temporary internet files\content.ie5\by2oxifa\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\eric\appdata\local\microsoft\windows\temporary internet files\content.ie5\by2oxifa\downloader_starcraft_combo_enus.exe |
"UDP Query User{8211EE1E-C8B9-46BD-BECD-A285D47DB5A7}C:\users\eric\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\eric\downloads\downloader_starcraft_combo_enus.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50D62A31-CC45-8FE6-409A-AE9E115B7694}" = AMD Catalyst Install Manager
"{65848565-4624-D93D-5BE4-5B71AFD47202}" = AMD Start Now
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73237EBB-B26F-4628-8754-4EFE563D72E9}" = HP Utility Center
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{985A4027-043E-729F-AE90-0CF13175DED5}" = ccc-utility64
"{A5ECBFA3-1A97-EA31-223E-C13D49D0EEAC}" = AMD Accelerated Video Transcoding
"{B5C7FB3A-C1FE-4BF9-9E81-91545E299BFD}" = AMD Fuel
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{082A673A-1895-D14A-625A-214CF23CAE0C}" = Catalyst Control Center Localization All
"{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}" = Realtek PCIE Card Reader
"{0FF3C5BB-C8BB-C6A4-4F42-D8980F347FB7}" = CCC Help Japanese
"{14F7A073-EF79-EAE7-8FF5-06DBED130879}" = Catalyst Control Center InstallProxy
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1AE37508-089E-41AC-95BD-99FF06887C2F}" = HP Recovery Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{234D27D8-C604-73D4-4FC5-D5F4FCE57245}" = CCC Help Russian
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{37872B54-9887-A383-AFD5-407A30723FC8}" = CCC Help Spanish
"{413AF900-6DFB-6A24-36DF-76D49E82A429}" = CCC Help Finnish
"{4BA1A01A-5D12-FCF5-D31A-9683C84CF6F6}" = CCC Help Turkish
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{58F74346-C6C5-6F9F-5EC9-E7B79D1B0D80}" = CCC Help Thai
"{594D097E-298C-EF57-3F00-39E36A7C27BD}" = CCC Help Greek
"{59D139D3-4C2F-C216-9246-4F48675EE685}" = CCC Help Hungarian
"{5AC77A0C-0F2C-C12A-1A3A-2418C446E1D8}" = CCC Help English
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{768836F4-2803-F6C6-E957-F440C0C536BB}" = CCC Help Chinese Standard
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.13
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8BC8FBF3-A4CA-C871-659C-B0A151DFE8D3}" = Catalyst Control Center Graphics Previews Common
"{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}" = HP Documentation
"{8D0B4DA7-406F-D526-AAED-BD76AEB206A3}" = CCC Help Danish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{92323FF7-7417-4C28-9683-2FEA6F654735}" = Catalyst Control Center - Branding
"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{9D9C7327-26F2-AD92-3A42-3D82607A896F}" = CCC Help Chinese Traditional
"{A01FEA45-3990-FF30-07A1-12B3947492AD}" = CCC Help Swedish
"{ADE9C050-D346-4FF2-751E-D8E51D599AA1}" = CCC Help Korean
"{B2F0406F-1609-489A-8626-7DB46776AB57}" = HP System Event Utility
"{B75C4AF8-F792-5DEE-0623-48E68598E009}" = CCC Help Italian
"{BC3C5DA7-77DD-431A-0BB8-A5A6B3384C0F}" = CCC Help Czech
"{BFDCE4C2-51FC-F1CC-7E00-33EF51B6114A}" = AMD VISION Engine Control Center
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C89A97B6-F991-EBB5-77B7-927BCF420EBE}" = OEM Application Profile
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D34CA6B6-F6A1-C80A-C415-3BC7ECAEB751}" = CCC Help Polish
"{D54D3023-6827-D95B-DF4A-8B5F93CCC681}" = CCC Help Norwegian
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2216794-190F-E858-A456-413ECBE7C2AC}" = CCC Help Dutch
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F408BD6A-CA50-3287-74B7-57816CCCFCC3}" = CCC Help German
"{F65A59AA-FFC9-B53E-729F-F5DCD225C845}" = CCC Help Portuguese
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEC260D1-4F12-2EAC-A1B1-0D30A60CB97A}" = CCC Help French
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Belarc Advisor" = Belarc Advisor 8.4
"Chipamp" = Chipamp
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"StarCraft" = StarCraft
"Steam" = Steam
"Steam App 22320" = The Elder Scrolls III: Morrowind
"Steam App 240" = Counter-Strike: Source
"Steam App 250420" = 8BitMMO
"Steam App 4760" = Rome: Total War
"Steam App 72850" = The Elder Scrolls V: Skyrim
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WTA-0a314f35-ef5e-4c6c-833a-a24a80fe7a65" = Zuma's Revenge
"WTA-0d042821-e5d0-4050-bd92-1162637bd9c0" = Farm Frenzy
"WTA-228410ec-d7d9-4317-876b-62a7cd04447c" = Bounce Symphony
"WTA-2353306b-0f8c-413b-86d6-03f2c12b6d04" = Luxor Evolved
"WTA-2d250a85-130f-4286-90f6-a0eeaf2af42c" = Cradle of Rome 2
"WTA-375a0e55-cd3a-4c16-9a2b-90fc87ad3251" = Airport Mania
"WTA-41bc01bd-aec8-403e-b222-8ba0f4d48094" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-45f7cc77-68d0-4870-bed3-8dd9d4cbc120" = Polar Bowler
"WTA-48b4081b-9ba4-4d1a-a4ad-2fb3bea18eca" = Bejeweled 3
"WTA-630ca1fd-7cac-459e-b73f-23591c93a24e" = Build-a-lot
"WTA-6326e85e-a93a-42b9-9d55-6001fce85592" = Governor of Poker 2 Premium Edition
"WTA-69038ccf-b460-4b33-b8a7-f5b664264ee2" = Plants vs. Zombies - Game of the Year
"WTA-6b165739-cc17-44fb-9161-0b91e6f35d1f" = 4 Elements II
"WTA-9158d569-bf86-4837-bdd4-5d0f1357d8ca" = Curse at Twilight
"WTA-a411b977-fa79-400a-97c9-66ad88b4f055" = Jewel Match 3
"WTA-ba445468-a111-4898-9a78-1bc254c48580" = Peggle Nights
"WTA-bd098083-8aec-4116-bc7f-838892f2e5b1" = Azteca
"WTA-c31e055b-bd5d-4cf5-957b-f989a59a9b4b" = House of 1000 Doors: Family Secrets
"WTA-cc8f5fe4-f5e0-41b3-a0b8-5132e9fbb7c2" = Tales of Lagoona
"WTA-e34e6e84-4c0e-4852-a3d0-7d7b2d50a91c" = Roads of Rome 3
"WTA-e81c4185-304c-4c8f-8b1a-103914a79607" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-eaca0cc1-df9b-4fec-acec-3e74dce6e89d" = Royal Envoy 2 Collector's Edition
"WTA-eb90b425-3b16-4c96-b888-94de9a596323" = Delicious: Emily's Childhood Memories Premium Edition
"WTA-f2881011-c386-4e19-9ebc-e80298e43475" = Mah Jong Medley
"WTA-f59e06a0-0f6c-4733-90e7-ae6f9c5c5649" = Vacation Quest™ - Australia
"WTA-fae39fc5-aca2-481b-851d-241514319e1b" = Youda Jewel Shop
"WTA-fd9dff3b-1e28-4fe7-bf1d-3aac9b60fd53" = Cradle Of Egypt Collector's Edition
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2130435127-2468948025-2318479713-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/30/2014 10:34:05 PM | Computer Name = Encepholon | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0x80072EE7
Error - 1/30/2014 10:34:05 PM | Computer Name = Encepholon | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0x80072EE7 Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac
Error - 1/30/2014 10:34:05 PM | Computer Name = Encepholon | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line
arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error - 1/31/2014 2:01:01 AM | Computer Name = Encepholon | Source = HP Registration Service | ID = 0
Description = The system cannot find the file specified. (Exception from HRESULT:
0x80070002) at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)

at HPMetrics.ScheduleTask.DeleteTask(String TaskName)
Error - 1/31/2014 6:11:58 PM | Computer Name = Encepholon | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall
Error - 1/31/2014 6:25:43 PM | Computer Name = Encepholon | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall
[ System Events ]
Error - 1/31/2014 9:08:43 PM | Computer Name = Encepholon | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:53:46 PM on ?1/?31/?2014 was unexpected.
Error - 2/1/2014 6:08:25 PM | Computer Name = Encepholon | Source = DCOM | ID = 10016
Description =
Error - 2/3/2014 2:50:46 PM | Computer Name = Encepholon | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:48:42 PM on ?2/?3/?2014 was unexpected.
Error - 2/5/2014 7:57:54 PM | Computer Name = Encepholon | Source = DCOM | ID = 10016
Description =
Error - 2/5/2014 7:57:54 PM | Computer Name = Encepholon | Source = DCOM | ID = 10016
Description =
Error - 2/6/2014 4:50:55 PM | Computer Name = Encepholon | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Update for Windows 8 for x64-based Systems (KB2871777).
Error - 2/8/2014 2:49:38 PM | Computer Name = Encepholon | Source = DCOM | ID = 10010
Description =
Error - 2/8/2014 2:49:38 PM | Computer Name = Encepholon | Source = DCOM | ID = 10010
Description =
Error - 2/8/2014 2:50:14 PM | Computer Name = Encepholon | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Update for Windows 8 for x64-based Systems (KB2871777).
Error - 2/8/2014 2:52:04 PM | Computer Name = Encepholon | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

 

[Broni]

OTL logs are clean.

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Click on "Run ESET Online Scanner" button.
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[mooney12]

Phew thats alot of scans, im actually gonna go hang out with my brother, will probably get em done for you later tonight, thanks for all your help so far

 

[Broni]

 

[mooney12]

Bro wasnt home, ill have the logs posted soon