Solved Audio ads playing on windows 7 background

ComboFix 14-01-04.03 - Binky 01/05/2014 18:26:49.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8154.6289 [GMT -5:00]
Running from: c:\users\Binky\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-12-05 to 2014-01-05 )))))))))))))))))))))))))))))))
.
.
2014-01-05 23:29 . 2014-01-05 23:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-05 23:29 . 2014-01-05 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-05 22:34 . 2014-01-05 22:41 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-05 22:34 . 2014-01-05 22:34 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-05 22:34 . 2014-01-05 22:34 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-05 22:25 . 2014-01-05 22:25 71552 ----a-w- c:\windows\system32\drivers\volmgr.sys.bak
2014-01-05 21:08 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-04 16:02 . 2014-01-04 16:02 -------- d-----w- c:\users\Binky\AppData\Roaming\Malwarebytes
2014-01-04 16:02 . 2014-01-04 16:02 -------- d-----w- c:\programdata\Malwarebytes
2014-01-04 16:02 . 2014-01-05 21:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-04 15:47 . 2014-01-04 15:47 -------- d-----w- C:\FRST
2014-01-04 15:27 . 2014-01-04 19:36 -------- d-----r- c:\users\Binky\Dropbox
2014-01-04 15:17 . 2014-01-04 15:37 -------- d-----w- c:\users\Binky\AppData\Roaming\Dropbox
2014-01-04 15:14 . 2014-01-04 15:14 -------- d-----w- c:\users\Binky\AppData\Local\Mozilla
2014-01-04 15:09 . 2014-01-04 15:09 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-01-04 15:07 . 2014-01-04 15:07 -------- d-----w- C:\@RestoreQuarantine
2014-01-04 15:06 . 2014-01-04 15:50 -------- d-----w- c:\programdata\RegRun
2014-01-04 14:48 . 2014-01-04 19:36 -------- d-----w- c:\programdata\PrevxCSI
2014-01-04 14:27 . 2014-01-04 14:27 -------- d-----w- c:\program files (x86)\Greatis
2013-12-10 21:14 . 2013-12-10 21:14 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-05 22:07 . 2010-11-21 03:24 512000 ----a-w- c:\windows\system32\rpcss.dll
2013-10-08 11:50 . 2013-10-29 01:16 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-18 20587168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-05-11 5119600]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-10 1804240]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-07 09:40 1642448 ----a-w- d:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-07 09:26]
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-07 09:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-425261279-1232660756-1529249592-1000\Software\SecuROM\License information*]
"datasecu"=hex:d8,15,20,50,fa,f8,14,32,40,8b,83,8f,ea,9b,f2,11,09,73,96,ec,38,
84,f1,4b,30,54,85,04,8b,35,65,67,b2,af,d4,7e,a6,37,65,69,d5,1e,64,96,75,92,\
"rkeysecu"=hex:a8,1f,4b,bf,66,9e,e0,07,bb,54,db,01,4d,62,a5,02
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-05 18:30:44
ComboFix-quarantined-files.txt 2014-01-05 23:30
ComboFix2.txt 2014-01-04 16:10
.
Pre-Run: 28,925,730,816 bytes free
Post-Run: 28,698,677,248 bytes free
.
- - End Of File - - EA36DBAAD59024811D78DF705D085E38
 
Looks good.

You can reinstall AVG now.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v3.016 - Report created 05/01/2014 at 18:48:41
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Binky - THEBEAST
# Running from : C:\Users\Binky\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Users\Binky\AppData\Roaming\Mozilla\Firefox\Profiles\bmf3kofn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\Binky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
File Deleted : C:\Users\Binky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\AskPartnerNetwork

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v

-\\ Google Chrome v26.0.1410.43

[ File : C:\Users\Binky\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1700 octets] - [05/01/2014 18:48:16]
AdwCleaner[S0].txt - [1600 octets] - [05/01/2014 18:48:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1660 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by Binky on Sun 01/05/2014 at 18:53:41.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/05/2014 at 18:58:06.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL Extras logfile created on: 1/5/2014 7:00:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Binky\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 77.72% Memory free
15.92 Gb Paging File | 14.05 Gb Available in Paging File | 88.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83.89 Gb Total Space | 26.47 Gb Free Space | 31.55% Space Free | Partition Type: NTFS
Drive D: | 847.43 Gb Total Space | 686.75 Gb Free Space | 81.04% Space Free | Partition Type: NTFS
Drive E: | 6.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: THEBEAST | User Name: Binky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-425261279-1232660756-1529249592-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "D:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "D:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CEDF52-3E38-441C-BC3C-989399DCF9D2}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{05EE50F1-4E8A-4D8B-A2A1-40D0A749D184}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{0974204F-628F-438E-82A1-EA9606A28725}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the political machine 2012\polmachine2012.exe |
"{0A56779A-CAE8-4E1A-8B97-CBBDC8B5EA6A}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\resident evil operation raccoon city\raccooncity.exe |
"{0C3BA412-15D0-48AD-8E1A-E827F78B9869}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{0D7EE1B4-7C17-42BD-A54A-2648E83D6D17}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{0FA7E375-335A-439B-8BED-3C31882BB42A}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\binkyoffa\garrysmod\hl2.exe |
"{100379E7-9916-4FFB-8E98-E7607DFC49EC}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{12D159E8-7EAD-408B-AC00-122C96FF8427}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2013\avgnsa.exe |
"{1C5EB21D-D9DA-4A3A-A4FD-1F6A80DDA7CE}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{1D18421A-3239-46DE-9B6F-85FF344F32F9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe |
"{2548C0B4-4020-4A61-9B2F-7BDE384E5BEB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{270C0778-AD4C-4D72-88B5-21A5157BD85F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{2E2D8531-793A-403A-9694-62A0F7318D0D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{426B844F-A0C2-4B97-B309-B81857DB4F8E}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{427387FE-8CF4-425E-BC5A-B2C977B836E1}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{45F4F19F-E323-4C76-96A4-8DF69320B3A3}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2013\avgemca.exe |
"{466A7A7B-5B7B-448E-80EA-F766938F5319}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{467B80D0-9302-4E45-9EB3-2F05F3276072}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{4AD7EA44-6D8E-40E8-92B7-B087CCC482E2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{555E2D21-01B5-4D9A-807B-01B147CD854F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{58E1ECFF-3076-440E-925B-413F60155CBA}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\binkyoffa\synergy\hl2.exe |
"{5DD90D18-4CF7-4CB8-AD8A-70BC4E6D8C75}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{5F249C5E-FA08-4941-8158-2E08C779EDC2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{66521D91-9678-47CF-B677-BBB05433757D}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2013\avgemca.exe |
"{66CBC793-0BE9-44E7-B066-FE6379E6063F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{6BD3AE4F-B3F3-44C8-A714-80AD7F350761}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{6D4D02EB-B37A-4CD1-AD49-CEEC81EB88E2}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{7113ADE6-4E72-42B8-BA5F-A3FFFE66B5BC}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\sacred2.exe |
"{75446104-F55E-4883-AEFF-756B7ED37864}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{795BC3F5-2B14-4187-8C84-09AA78BDBDA1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{7C1822E3-3DB1-4CCC-BCED-72F5AC1DA03E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{81C6CE61-C5E7-42D0-8FE0-FE8DA8BF425C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\resident evil operation raccoon city\raccooncity.exe |
"{824F2F00-8CB8-490E-B622-E9ECEF16F0EB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"{840D7B54-6169-404F-B9D6-2D314F990D98}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\splintercell chaos theory\system\splintercell3.exe |
"{84426C3F-5395-4A14-92C9-BA094EFA0097}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{868F9547-124A-47A8-8399-FCD666642E92}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{8733C2C0-4DD0-462E-8527-CDFDDDB51182}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\gun monkeys\gun_monkeys.exe |
"{885310EE-CC43-4E2F-8922-B46CFE883E48}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the political machine 2012\polmachine2012.exe |
"{8AA93643-82EA-4BD9-9F67-551C38AD84F0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{8B3A93C4-5E87-47B2-852E-CCBF4DBB7E69}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{8BA7C93A-918C-465E-98C0-C51004A392EE}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{8C09CA83-686C-436C-9C39-E2BAB24C9AE0}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{8CAE8A6E-692B-455C-AE03-31E45B223EC6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{8D6D5A44-0248-43E5-87F7-94E290628C2F}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{8E8C82BE-E807-49AA-9E9B-3CE93CFB260B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{923E092F-53A4-414F-B3CF-861AD3706DB8}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"{92EE834B-5155-491C-A711-E664AC7FCB96}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{93E69159-8817-4584-B72B-BE51FB03BDD4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{947F0717-FB4F-48A0-B489-C5814AC67876}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\ss2\shock2.exe |
"{94A8AC06-7624-46A8-B76A-924A8CE66CEF}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{A2A9EC87-3870-4353-A507-75918245E782}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{A3F63578-EE80-471C-BC15-92160C420C9E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\binkyoffa\garrysmod\hl2.exe |
"{A67DDBFE-A6C1-4683-8883-B2D0DD2B86E1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe |
"{A84B7113-75D5-4467-9AA2-6183C52595BA}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{A926E91B-8971-4109-90BF-AEC5774EC989}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{A9BEAA66-9711-4092-A1B6-3D08CAC8291A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{BD343B66-F24C-414E-A65A-D53260AF6FBE}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\space pirates and zombies\spazgame.exe |
"{C196B4EF-93D9-4400-B159-0094B5BF60B4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{C2E9B635-A24C-4E47-B790-9E3692B4A4D8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{C30BB573-1682-49F4-A754-541DECCCC32D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\splintercell chaos theory\system\splintercell3.exe |
"{C4216577-5491-4222-BD91-A24D4C724F23}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{C62B58F6-B5B4-49FF-A407-BE0C19BE5FAE}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2013\avgnsa.exe |
"{C648B311-378E-4513-AEF8-7A47B2FD99CC}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\space pirates and zombies\spazgame.exe |
"{CD9E075F-F092-4EDD-9B81-1F5B6624279C}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe |
"{D0435F9A-B90B-40DE-A207-FF569ADF3646}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe |
"{D367CDD0-435B-4D7D-8A52-93F02239B3DE}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{D504870A-2404-40E8-99B3-797ECA2B0DAE}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\ss2\shock2.exe |
"{D63BF033-AF14-410A-91ED-E09ADC473D5D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{DA72A59A-C2DF-4470-9DFE-4A125E983703}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DD5E3D85-62AC-4EB4-A0D4-73473E2EB25B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\binkyoffa\synergy\hl2.exe |
"{E4F8D446-298D-41A4-A955-F750133B0693}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{E6A7C55E-7577-45DC-9A19-10A96DD54FD6}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{EAB0592A-0E50-4744-B248-999016FDCC86}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"{F12D5CF8-EFF1-4D8A-B329-D04A10AF1C68}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"{F6B375BE-7851-4370-AF8C-4F385E5B0A40}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\sacred2.exe |
"{FC4B9B52-8115-4499-BDE0-84DEA15D70D0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\gun monkeys\gun_monkeys.exe |
"{FC5EFFFD-CAA8-487D-B3B0-C71B531816DE}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{FE04A492-7666-4956-B45D-0919F666C8D0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{FE230FF6-2ECD-4785-B2A5-F051C1951EE9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{FEC561F5-CC88-496B-8B7C-63DC1F26BDB8}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"TCP Query User{01F77E4A-6F49-4A50-B049-2B59C5E839F3}D:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{21A524A6-5F34-4B9E-84D8-8B7056C99BCD}D:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe |
"TCP Query User{4F4C04C7-0E6D-45F0-AE5B-05D830251CE0}D:\games\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\games\guild wars 2\gw2.exe |
"TCP Query User{817EE2E8-199A-4BCD-A8A6-4C22BF64A8BB}D:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{8B184D82-761D-4524-9C0B-C9315CE27E43}D:\games\data\ra3_1.12.game" = protocol=6 | dir=in | app=d:\games\data\ra3_1.12.game |
"TCP Query User{95CAF731-CDFE-4764-A12A-3D7412348910}D:\program files (x86)\steam\steamapps\binkyoffa\garrysmod\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\binkyoffa\garrysmod\hl2.exe |
"TCP Query User{A95A1898-95B1-41A1-8036-73129CF5A14C}D:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"TCP Query User{B7D1A805-B651-402A-B72A-005822532235}D:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=d:\program files\diablo ii\game.exe |
"TCP Query User{D062B69A-9202-450D-ABE0-1088698D008B}D:\program files (x86)\cube world\server.exe" = protocol=6 | dir=in | app=d:\program files (x86)\cube world\server.exe |
"TCP Query User{D9043BB2-13E8-4177-AC7F-2EFB8ABF5F68}C:\users\binky\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\binky\appdata\local\temp\gw2.exe |
"TCP Query User{E69E01E3-2FD6-4459-985A-D55796A24864}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
"TCP Query User{F7483898-1515-4369-92AB-A4667C9FAFBE}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
"UDP Query User{01B64E82-F738-4FE4-9D47-4A8104C1AFFF}D:\games\data\ra3_1.12.game" = protocol=17 | dir=in | app=d:\games\data\ra3_1.12.game |
"UDP Query User{2D873F2B-D496-4E32-8037-05CC6FC2D45C}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
"UDP Query User{36456EFA-ACFA-4834-9A6D-E82435E24A14}C:\users\binky\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\binky\appdata\local\temp\gw2.exe |
"UDP Query User{37CD156B-D7D4-486F-9477-5C88D9C176C9}D:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{4428A75F-0286-4ED6-9CAC-FC8AAFE77B95}D:\program files (x86)\cube world\server.exe" = protocol=17 | dir=in | app=d:\program files (x86)\cube world\server.exe |
"UDP Query User{5263D955-2A06-4F24-B414-0A55591013C1}D:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe |
"UDP Query User{7118BAE5-96E6-48C7-8C35-EDDC108DAF7A}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
"UDP Query User{7BB4A701-DE2E-48BE-9221-2F814650BE7A}D:\games\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\games\guild wars 2\gw2.exe |
"UDP Query User{CB8F165E-6C0D-4749-B17B-200B96B374F0}D:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=d:\program files\diablo ii\game.exe |
"UDP Query User{D2D99D4A-798F-43D0-9CA2-5DE88890AE13}D:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{F2489ED8-1608-4B58-8B60-897D0AD8D7D1}D:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"UDP Query User{FFF592F9-8D68-4D91-AF1F-0FA278277864}D:\program files (x86)\steam\steamapps\binkyoffa\garrysmod\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\binkyoffa\garrysmod\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AVG" = AVG 2014
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 45
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2BE418FB-C984-409E-9322-D44E8F394106}" = Qualcomm SmartNet Controller
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0525.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4F524A2D-5637-006A-76A7-A758B70C0901}" = Ask Toolbar
"{53466613-9260-4814-AE66-7F3A3FA978D3}" = Livestream for Producers
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @Bios
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1" = Cube World version 0.0.1
"{D84F41A8-33E6-402A-8DD6-D2244235BCB8}" = LogMeIn Hamachi
"{DA6AF673-AD91-4AC7-B2F4-FE0C8A3A7E99}" = EZ Setup B12.0509.01
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Diablo II" = Diablo II
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0525.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PaintToolSAI" = PaintTool SAI Ver.1
"ST6UNST #1" = Hero Editor V1.04
"StarCraft II" = StarCraft II
"Steam App 105600" = Terraria
"Steam App 107200" = Space Pirates and Zombies
"Steam App 13570" = Tom Clancy's Splinter Cell: Chaos Theory
"Steam App 17520" = Synergy
"Steam App 200170" = Worms Revolution
"Steam App 200710" = Torchlight II
"Steam App 209100" = Resident Evil™: Operation Raccoon City
"Steam App 211120" = The Political Machine 2012
"Steam App 211820" = Starbound
"Steam App 220" = Half-Life 2
"Steam App 225640" = Sacred 2 Gold
"Steam App 22600" = Worms Reloaded
"Steam App 238210" = System Shock 2
"Steam App 239450" = Gun Monkeys
"Steam App 241600" = Rogue Legacy
"Steam App 33220" = Tom Clancy's Splinter Cell: Conviction
"Steam App 39160" = Dungeon Siege III
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 47890" = The Sims(TM) 3
"Steam App 57690" = Tropico 4
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Uplay" = Uplay
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"WinRAR archiver" = WinRAR 4.20 (32-bit)

< End of report >
 
OTL logfile created on: 1/5/2014 7:00:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Binky\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 77.72% Memory free
15.92 Gb Paging File | 14.05 Gb Available in Paging File | 88.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83.89 Gb Total Space | 26.47 Gb Free Space | 31.55% Space Free | Partition Type: NTFS
Drive D: | 847.43 Gb Total Space | 686.75 Gb Free Space | 81.04% Space Free | Partition Type: NTFS
Drive E: | 6.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: THEBEAST | User Name: Binky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/05 18:59:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Binky\Downloads\OTL.exe
PRC - [2013/11/29 16:20:48 | 003,806,544 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/11/12 22:02:24 | 005,927,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/09/24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/15 00:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/03/14 21:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/08 18:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Wacom\WacomHost.exe
PRC - [2012/03/27 03:14:27 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/01 15:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 15:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/12/16 11:30:40 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/07/12 03:14:26 | 000,331,776 | R--- | M] (VIA Technologies, Inc.) -- C:\VIA_XHCI\usb3Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/07 04:09:22 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cbbd3d2335c2d89b7ee5d035651bd80\IAStorUtil.ni.dll
MOD - [2013/04/07 04:09:22 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d68502fe60d7ada68627a895282ef58d\IAStorCommon.ni.dll
MOD - [2010/11/20 22:49:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010/11/20 22:48:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010/11/20 22:48:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010/11/20 22:48:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010/11/20 22:48:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010/11/20 22:48:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010/11/20 22:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010/11/20 22:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/08 13:37:01 | 000,613,688 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe -- (WTabletServicePro)
SRV:64bit: - [2012/05/04 06:33:20 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011/12/08 15:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/29 16:20:42 | 002,210,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/11 11:51:18 | 000,377,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/09/24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 00:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 21:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/01 15:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/12/16 11:30:40 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/08/30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/20 17:20:07 | 000,015,344 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/12/19 18:01:19 | 000,082,416 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/12/19 18:01:19 | 000,014,320 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/12/19 00:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/05/04 06:33:12 | 002,196,592 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/03/27 03:13:18 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/03/27 03:13:18 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/03/27 03:13:17 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/01 15:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/19 23:39:16 | 000,205,312 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2012/01/19 23:39:04 | 000,254,464 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2011/11/10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011/08/11 17:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/08/09 00:42:36 | 000,315,696 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/04/28 23:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/05/29 06:58:30 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013/04/07 05:14:15 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013/04/07 04:45:34 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2013/04/07 04:15:26 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-425261279-1232660756-1529249592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-425261279-1232660756-1529249592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-425261279-1232660756-1529249592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 4D CD 1C 6F 33 CE 01 [binary data]
IE - HKU\S-1-5-21-425261279-1232660756-1529249592-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-425261279-1232660756-1529249592-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-425261279-1232660756-1529249592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-425261279-1232660756-1529249592-1001\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js - File not found
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: D:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)


[2014/01/04 10:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Binky\AppData\Roaming\Mozilla\Extensions
[2014/01/05 18:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Binky\AppData\Roaming\Mozilla\Firefox\Profiles\bmf3kofn.default\extensions
[2014/01/04 10:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/04 10:14:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/04 10:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2014/01/04 14:36:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = D:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - Extension: Google Docs = C:\Users\Binky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Binky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Binky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Binky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Binky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Gmail = C:\Users\Binky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Lonely Tree, Colorful Sky = C:\Users\Binky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnamgjfnfbmklnbfkklbmaliddkehejf\1.0_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-425261279-1232660756-1529249592-1000..\Run: [Steam] D:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-425261279-1232660756-1529249592-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-425261279-1232660756-1529249592-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-425261279-1232660756-1529249592-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-425261279-1232660756-1529249592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-425261279-1232660756-1529249592-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A70861EC-E211-4E41-9236-ECAECCE3D544}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C125DFA9-CA8A-4DFA-9B1C-B3B4136C7E77}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/10 09:47:23 | 000,447,752 | R--- | M] (Electronic Arts, Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/10 09:47:19 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2008/10/10 09:47:24 | 001,749,504 | R--- | M] () - E:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2008/10/10 09:47:17 | 000,000,137 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/05 18:53:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/05 18:47:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/05 18:43:39 | 000,000,000 | ---D | C] -- C:\Users\Binky\AppData\Roaming\AVG2014
[2014/01/05 18:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/01/05 18:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/01/05 18:40:00 | 000,000,000 | ---D | C] -- C:\Users\Binky\AppData\Local\Avg2014
[2014/01/05 18:30:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/05 18:30:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/05 18:26:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/05 18:26:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/05 18:26:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/05 18:26:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014/01/05 18:26:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/05 17:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/05 17:34:22 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/05 17:34:00 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/05 17:33:58 | 000,000,000 | ---D | C] -- C:\Users\Binky\Desktop\mbar
[2014/01/05 17:26:00 | 000,082,416 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wachidrouter.sys.bak
[2014/01/05 17:26:00 | 000,015,344 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys.bak
[2014/01/05 17:25:46 | 000,315,696 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\drivers\mvs91xx.sys.bak
[2014/01/05 17:25:46 | 000,014,128 | ---- | C] (Marvell Semiconductor Inc.) -- C:\Windows\SysNative\drivers\mvxxmm.sys.bak
[2014/01/05 17:25:43 | 000,104,560 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys.bak
[2014/01/05 17:25:43 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/05 17:25:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
[2014/01/05 17:25:41 | 000,014,320 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\hidkmdf.sys.bak
[2014/01/05 17:25:40 | 000,033,856 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys.bak
[2014/01/05 17:25:40 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/05 17:25:38 | 001,617,472 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\Dnetr28ux.sys.bak
[2014/01/05 17:25:36 | 000,240,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys.bak
[2014/01/05 17:25:35 | 000,311,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys.bak
[2014/01/05 17:25:35 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys.bak
[2014/01/05 17:25:35 | 000,206,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys.bak
[2014/01/05 17:25:35 | 000,116,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys.bak
[2014/01/05 17:25:35 | 000,071,480 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys.bak
[2014/01/05 17:25:35 | 000,045,880 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys.bak
[2014/01/05 17:25:34 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014/01/05 17:24:29 | 000,000,000 | ---D | C] -- C:\Users\Binky\Desktop\RK_Quarantine
[2014/01/05 16:39:52 | 000,000,000 | ---D | C] -- C:\Users\Binky\Desktop\rkill
[2014/01/05 16:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/05 16:08:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/04 11:03:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/04 11:02:39 | 000,000,000 | ---D | C] -- C:\Users\Binky\AppData\Roaming\Malwarebytes
[2014/01/04 11:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/04 11:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/04 10:47:55 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/04 10:27:30 | 000,000,000 | R--D | C] -- C:\Users\Binky\Dropbox
[2014/01/04 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\Binky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/01/04 10:17:32 | 000,000,000 | ---D | C] -- C:\Users\Binky\AppData\Roaming\Dropbox
[2014/01/04 10:14:32 | 000,000,000 | ---D | C] -- C:\Users\Binky\AppData\Roaming\Mozilla
[2014/01/04 10:14:32 | 000,000,000 | ---D | C] -- C:\Users\Binky\AppData\Local\Mozilla
[2014/01/04 10:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/01/04 10:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/04 10:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2014/01/04 10:07:12 | 000,000,000 | ---D | C] -- C:\@RestoreQuarantine
[2014/01/04 10:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2014/01/04 09:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2014/01/04 09:27:36 | 000,000,000 | -H-D | C] -- C:\Users\Binky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2014/01/04 09:27:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2014/01/04 09:27:35 | 000,000,000 | ---D | C] -- D:\mydocuments\RegRun2
[2014/01/04 09:27:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2014/01/04 09:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegRun Security Suite
[2014/01/04 09:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greatis
[2014/01/04 09:05:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/12/15 03:40:12 | 000,000,000 | ---D | C] -- D:\mydocuments\abcsongs
[2013/12/10 16:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/12/10 16:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/12/10 16:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

========== Files - Modified Within 30 Days ==========

[2014/01/05 18:57:42 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/05 18:57:42 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/05 18:56:20 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/05 18:56:20 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/05 18:56:20 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/05 18:50:42 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/05 18:50:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/05 18:50:09 | 2117,672,959 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/05 18:43:12 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/01/05 18:39:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/05 17:34:22 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/05 17:34:00 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/05 17:26:00 | 000,082,416 | ---- | M] (Wacom Technology) -- C:\Windows\SysNative\drivers\wachidrouter.sys.bak
[2014/01/05 17:26:00 | 000,015,344 | ---- | M] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys.bak
[2014/01/05 17:25:46 | 000,315,696 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\drivers\mvs91xx.sys.bak
[2014/01/05 17:25:46 | 000,014,128 | ---- | M] (Marvell Semiconductor Inc.) -- C:\Windows\SysNative\drivers\mvxxmm.sys.bak
[2014/01/05 17:25:43 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys.bak
[2014/01/05 17:25:43 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/05 17:25:43 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
[2014/01/05 17:25:41 | 000,014,320 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\hidkmdf.sys.bak
[2014/01/05 17:25:40 | 000,033,856 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys.bak
[2014/01/05 17:25:40 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/05 17:25:38 | 001,617,472 | ---- | M] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\Dnetr28ux.sys.bak
[2014/01/05 17:25:36 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys.bak
[2014/01/05 17:25:36 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys.bak
[2014/01/05 17:25:35 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys.bak
[2014/01/05 17:25:35 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys.bak
[2014/01/05 17:25:35 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys.bak
[2014/01/05 17:25:35 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys.bak
[2014/01/05 17:25:35 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys.bak
[2014/01/05 17:25:35 | 000,021,616 | ---- | M] () -- C:\Windows\SysNative\drivers\AppleCharger.sys.bak
[2014/01/05 17:25:35 | 000,015,872 | ---- | M] () -- C:\Windows\SysNative\drivers\anodlwfx.sys.bak
[2014/01/05 17:25:34 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014/01/05 16:13:22 | 000,000,089 | ---- | M] () -- C:\Windows\SysNative\qpkatbn.rob
[2014/01/05 16:08:15 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/04 10:01:04 | 000,007,605 | ---- | M] () -- C:\Users\Binky\AppData\Local\Resmon.ResmonCfg
[2014/01/04 08:50:52 | 000,037,376 | ---- | M] () -- C:\Windows\SysNative\hvcc.yan
[2014/01/04 08:50:52 | 000,000,097 | ---- | M] () -- C:\Windows\SysNative\ciog.mhp
[2014/01/04 08:39:34 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\gryu.rwa
[2014/01/04 08:23:54 | 000,219,314 | --S- | M] () -- C:\Windows\SysNative\zblcyfh.hqd

========== Files Created - No Company Name ==========

[2014/01/05 18:43:12 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/01/05 18:26:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/05 18:26:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/05 18:26:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/05 18:26:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/05 18:26:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/05 17:25:35 | 000,021,616 | ---- | C] () -- C:\Windows\SysNative\drivers\AppleCharger.sys.bak
[2014/01/05 17:25:34 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\drivers\anodlwfx.sys.bak
[2014/01/05 16:08:15 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/04 10:01:04 | 000,007,605 | ---- | C] () -- C:\Users\Binky\AppData\Local\Resmon.ResmonCfg
[2014/01/04 08:50:52 | 000,037,376 | ---- | C] () -- C:\Windows\SysNative\hvcc.yan
[2014/01/04 08:40:29 | 000,000,089 | ---- | C] () -- C:\Windows\SysNative\qpkatbn.rob
[2014/01/04 08:39:34 | 000,000,097 | ---- | C] () -- C:\Windows\SysNative\ciog.mhp
[2014/01/04 08:39:34 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\gryu.rwa
[2014/01/04 08:23:54 | 000,219,314 | --S- | C] () -- C:\Windows\SysNative\zblcyfh.hqd
[2013/11/01 17:35:40 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013/07/12 13:33:23 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2013/05/04 00:19:25 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/07 04:15:26 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2013/04/07 04:05:34 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 22:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 22:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/14 13:05:04 | 000,000,000 | ---D | M] -- C:\Users\Binky\AppData\Roaming\.minecraft
[2014/01/05 18:43:39 | 000,000,000 | ---D | M] -- C:\Users\Binky\AppData\Roaming\AVG2014
[2014/01/04 10:37:40 | 000,000,000 | ---D | M] -- C:\Users\Binky\AppData\Roaming\Dropbox
[2013/07/30 22:37:25 | 000,000,000 | ---D | M] -- C:\Users\Binky\AppData\Roaming\ftblauncher
[2013/09/17 13:05:31 | 000,000,000 | ---D | M] -- C:\Users\Binky\AppData\Roaming\Guild Wars 2
[2013/11/27 03:51:06 | 000,000,000 | ---D | M] -- C:\Users\Binky\AppData\Roaming\Kalypso Media
[2013/11/01 17:36:12 | 000,000,000 | ---D | M] -- C:\Users\Binky\AppData\Roaming\MinMaxGames
[2013/09/28 21:51:37 | 000,000,000 | ---D | M] -- C:\Users\Binky\AppData\Roaming\Origin
[2013/07/12 20:54:43 | 000,000,000 | ---D | M] -- C:\Users\Binky\AppData\Roaming\Red Alert 3
[2013/04/13 02:33:27 | 000,000,000 | ---D | M] -- C:\Users\Binky\AppData\Roaming\SYSTEMAX Software Development
[2013/11/27 04:53:08 | 000,000,000 | ---D | M] -- C:\Users\Binky\AppData\Roaming\Tropico 4
[2013/04/07 04:33:40 | 000,000,000 | ---D | M] -- C:\Users\Binky\AppData\Roaming\TuneUp Software
[2013/04/13 01:47:39 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/04/13 01:47:39 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
 
Also like I said in previous replies: There is a new folder on my desktop, with my name on it. Should I be concerned?

Also, the little "arrow" at the bottom right of my desktop bar/task bar is missing, the one that's usually next to the internet icon and volume mixer and time/date, should I also be concerned about this?
 
There is a new folder on my desktop, with my name on it. Should I be concerned?
You can delete it. It's just a shortcut.

Also, the little "arrow" at the bottom right of my desktop bar/task bar is missing, the one that's usually next to the internet icon and volume mixer and time/date, should I also be concerned about this?
I'm not very sure what you're referring to.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
FF - prefs.js - File not found
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
O4 - HKU\S-1-5-21-425261279-1232660756-1529249592-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014/01/04 08:50:52 | 000,037,376 | ---- | C] () -- C:\Windows\SysNative\hvcc.yan
[2014/01/04 08:40:29 | 000,000,089 | ---- | C] () -- C:\Windows\SysNative\qpkatbn.rob
[2014/01/04 08:39:34 | 000,000,097 | ---- | C] () -- C:\Windows\SysNative\ciog.mhp
[2014/01/04 08:39:34 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\gryu.rwa
[2014/01/04 08:23:54 | 000,219,314 | --S- | C] () -- C:\Windows\SysNative\zblcyfh.hqd


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-425261279-1232660756-1529249592-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\SysNative\hvcc.yan moved successfully.
C:\Windows\SysNative\qpkatbn.rob moved successfully.
C:\Windows\SysNative\ciog.mhp moved successfully.
C:\Windows\SysNative\gryu.rwa moved successfully.
C:\Windows\SysNative\zblcyfh.hqd moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Binky
->Temp folder emptied: 2301119 bytes
->Temporary Internet Files folder emptied: 3925494 bytes
->Java cache emptied: 479088 bytes
->FireFox cache emptied: 18789197 bytes
->Google Chrome cache emptied: 80269238 bytes
->Flash cache emptied: 55583 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1196 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 71409761 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 169.00 mb


[EMPTYJAVA]

User: All Users

User: Binky
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Binky
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01052014_200608

Files\Folders moved on Reboot...
C:\Users\Binky\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG Premium Security 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.7.700.169
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 05-12-2013
Ran by Binky (administrator) on 05-01-2014 at 20:11:38
Running from "C:\Users\Binky\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2010-11-20 22:24] - [2010-11-20 22:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2010-11-20 22:24] - [2010-11-20 22:24] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

C:\Windows\System32\dnsrslvr.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0183296 ____A (Microsoft Corporation) CD55F5355D8F55D44C9F4ED875705BD6

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Currently working on the ESET online scanner, it's found 1 trojan so far. Says: Win64/patched.H Trojan

I will keep you updated :X
 
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\rpcss.dll Win64/Patched.H trojan deleted - quarantined
 
That's in one of your restore points. We'll reset them with our next steps.

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please let me know how your computer is doing.
 
I'm sorry Broni, I forgot to post the log before the reboot of OTL on the cleanup process :(

Seems I can't get the log now.

Also, I seem to have another underlying problem now, none of my sound works. I can't hear music, videos, not even the Windows sound effects like the reboot sound effect. My microphone and headset aren't picking up me speaking or playing back any sound at all :X
 
In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 
Thank you for the help, I will do just that~

I have a final question though. About the virus that created the ads. What are the chances of reinfection, and how does infection happen? To my knowledge, I did nothing to provoke the virus onto my computer, as I was browsing safe sites.

I just wanna learn as much info as I can on this virus, to hopefully prevent future troubles. Thank you :)
 
There is really no way to tell how exactly you got infected - too many variables.
 
Ohhh ok, so just pretty much random chance. That's unfortunate. Well, thank you Broni, for all your hard work, that was a tough 6 or 7 hours but you helped me out :) and many others! Hopefully this sorta thing doesn't happen again in the future, it's always quite stressful, for everyone I'm sure!

Thanks again! You were awesome! You and the other tech support here are geniuses :D
 