Inactive Sudden Change in Computer Attitude.

abe10tiger · Apr 12, 2014

Sudden crashes, RAM hitting 100% causing my pc to become unresponsive, Firefox hangs all the time and PC becomes so slow at random times. Yup. Any help would be great. Scanned the system with MBAM and the results showed infection. Below are the results. Thanks!

Malwarebytes Anti-Malware Scan results:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/12/2014
Scan Time: 11:37:52 AM
Logfile: scan.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.11.14
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Abe10tiger

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352839
Time Elapsed: 20 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
PUP.Optional.YTDToolbar, HKU\S-1-5-21-570735593-1496461725-3492070277-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{F3FEE66E-E034-436a-86E4-9690573BEE8A}, No Action By User, [839792976912f3431adf31dfa35ffb05],
PUP.Optional.YTDToolbar, HKU\S-1-5-21-570735593-1496461725-3492070277-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{F3FEE66E-E034-436A-86E4-9690573BEE8A}, No Action By User, [839792976912f3431adf31dfa35ffb05],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 25
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.AL", 2)

, No Action By User,[73a7a782e49754e213f4e367d62e0bf5]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "ir_14_11_ff")

, No Action By User,[0515df4a99e2f73f1aed5feb21e3cd33]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}")

, No Action By User,[c357f3362655e551aa5d96b4828237c9]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q")

, No Action By User,[bd5dc168770445f18c7b6edc56ae8e72]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cr", "897699611")

, No Action By User,[0416e940f388122456b14ffb1de7e61a]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltLng", "")

, No Action By User,[38e21811c3b890a647c01832a361b34d]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltSrch", true)

, No Action By User,[ba6051d85d1e75c19f683a10857f1fe1]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dnsErr", true)

, No Action By User,[41d9c762186358de9374aaa09f65758b]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.excTlbr", false)

, No Action By User,[51c98d9cd4a760d65daa1a30d232d62a]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpg", true)

, No Action By User,[76a43cedea919f979770ba9052b24cb4]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&...tGtCyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir=")

, No Action By User,[49d1f039bdbe58de1fe8a9a144c007f9]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.id", "10673511D8679641")

, No Action By User,[ff1baa7fcdae16206d9ac783d72d17e9]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlDay", "16145")

, No Action By User,[c3573dec2952cd6957b0c08a897bb54b]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlRef", "140305_a")

, No Action By User,[4dcd2dfcbbc0270faa5d0941e91b926e]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&...tGtCyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir=")

, No Action By User,[0c0e0227dba0a78f54b3e763699b7e82]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prdct", "mysearchdial")

, No Action By User,[ad6d96935a21cc6a8087bb8f3fc5f907]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial")

, No Action By User,[f426f83199e20e28f413fb4f0ff5e917]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial")

, No Action By User,[b763d059bdbe3204ec1bf95108fcf808]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrId", "base")

, No Action By User,[f624e5441a611c1aaa5d77d3cd371ee2]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&...CyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir=&q=")

, No Action By User,[72a80d1c126974c2d0378fbbde263dc3]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsn", "1.8.29.0")

, No Action By User,[ec2e6cbdc4b7d16518ef54f608fc2cd4]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsni", "1.8.29.0")

, No Action By User,[08124edbc2b9072f8f784505788cd030]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.newTab", false)

, No Action By User,[ea30d356cab1e4521fe899b1798b8d73]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.smplGrp", "none")

, No Action By User,[8b8f9c8d5526ea4c8b7c19316a9a4ab6]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.015:28:16")

, No Action By User,[70aa56d397e473c3f413ba90996b37c9]

Physical Sectors: 0
(No malicious items detected)

(end)

DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by Abe10tiger at 13:37:58 on 2014-04-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.63.1033.18.2047.684 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
c:\program files\idt\wdm\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Windows\System32\wscript.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Users\Abe10tiger\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394943817&from=amt&uid=HitachiXHDS721010CLA332_JP6911HZ1XUEEF1XUEEFX&q={searchTerms}
mDefault_Search_URL = hxxp://www.google.com
uURLSearchHooks: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - <orphaned>
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - <orphaned>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: Ginger Grammar & Spell Checker: {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader.dll
BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: AccelerateTab: {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\Program Files (x86)\Secure Speed Dial\IE\SpeedDial.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adblock: {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - C:\Program Files (x86)\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - LocalServer32 - <no file>
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
uRun: [Steam] "E:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Abe10tiger\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [dzleyclwdn] wscript.exe //B "C:\Users\Abe10tiger\AppData\Roaming\dzleyclwdn.vbs"
uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [IndexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [PaperPort PTD] c:\program files (x86)\scansoft\paperport\pptd40nt.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Anti Keylogger Virtual Keyboard ] "C:\Program Files (x86)\Anti Keylogger Virtual Keyboard\keyboard.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f
StartupFolder: C:\Users\ABE10T~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Abe10tiger\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dzleyclwdn.vbs
StartupFolder: C:\Users\ABE10T~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\Users\ABE10T~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.bat
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9BE9BD0A-3CC7-4B61-95AC-5A4E271B7ED7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9BE9BD0A-3CC7-4B61-95AC-5A4E271B7ED7}\05C44445D4974435C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FA42F348-BB24-4AB2-92AC-B21630D0F7AF} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394943817&from=amt&uid=HitachiXHDS721010CLA332_JP6911HZ1XUEEF1XUEEFX&q={searchTerms}
x64-mDefault_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394943817&from=amt&uid=HitachiXHDS721010CLA332_JP6911HZ1XUEEF1XUEEFX&q={searchTerms}
x64-BHO: Ginger Grammar & Spell Checker: {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader64.dll
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} -
x64-Run: [PaperPort PTD] c:\program files (x86)\scansoft\paperport\pptd40nt.exe
x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
x64-Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\NPRobloxProxy.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Abe10tiger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.irmysearch.aflt - ir_14_11_ff
FF - user.js: extensions.irmysearch.instlRef - 140305_a
FF - user.js: extensions.irmysearch.cr - 897699611
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir=&q=
FF - user.js: extensions.mysearchdial.id - 10673511D8679641
FF - user.js: extensions.mysearchdial.instlDay - 16145
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.015:28:16
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - ir_14_11_ff
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 140305_a
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.cr - 897699611
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q
FF - user.js: extensions.mysearchdial.AL - 2
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\System32\drivers\FSPFltd.sys [2011-11-5 54848]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-31 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-8-6 270912]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-3-16 881952]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-5 440400]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-5 440400]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-11-5 1017424]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2014-3-17 807800]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-31 108440]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-1-28 2135232]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-12 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-12 857912]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-28 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-28 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-28 411936]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2011-8-5 115312]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2012-10-25 222904]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-5 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-12 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-12 63192]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-3-28 39200]
R3 XFDriver64;XFDriver64;C:\Program Files (x86)\Xfire2\XFDriver64.sys [2013-10-13 17160]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-9-19 38440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ProtectMonitor;Protect Monitor;C:\Program Files (x86)\PCData\StartHelp.exe [2014-3-13 90680]
S2 SecureUpdateSvc;SecureUpdate;C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2013-9-1 2503504]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-9-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-21 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-9-2 227232]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-8-7 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-12 19:25:36 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-12 19:24:38 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-12 19:24:38 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-12 19:24:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 18:39:04 -------- d-----w- C:\Crash
2014-04-05 12:39:18 154 ----a-w- C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.bat
2014-04-05 12:31:27 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\SCE
2014-04-03 19:52:06 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\UWebKit
2014-04-03 19:51:51 -------- d-----w- C:\Users\Abe10tiger\AppData\Roaming\.mono
2014-03-28 17:43:15 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-03-28 16:56:12 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\NVIDIA Corporation
2014-03-28 16:54:52 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-03-28 16:54:51 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-03-28 16:52:09 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-03-28 16:52:09 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-28 16:52:09 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-03-22 15:15:07 -------- d-----w- C:\Program Files (x86)\Application Updater
2014-03-22 15:15:06 -------- d-----w- C:\Program Files (x86)\YTD Toolbar
2014-03-21 21:04:24 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-21 21:04:24 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-21 05:02:15 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-03-21 04:40:35 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-03-21 04:40:34 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-03-21 04:40:34 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-03-21 04:40:34 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-03-21 04:16:00 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2014-03-21 04:12:12 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-03-21 04:10:51 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-03-21 04:10:51 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-03-21 04:10:51 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-03-21 04:05:17 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-03-21 04:05:17 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-03-18 04:18:50 633856 ----a-w- C:\Windows\System32\comctl32.dll
2014-03-18 04:18:50 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-03-18 04:17:48 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2014-03-18 04:17:48 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-03-18 04:17:47 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-03-18 04:17:47 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-03-18 04:17:47 158720 ----a-w- C:\Windows\System32\aaclient.dll
2014-03-18 04:17:47 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-03-18 04:17:33 224256 ----a-w- C:\Windows\System32\wintrust.dll
2014-03-18 04:17:33 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2014-03-18 04:17:03 1930752 ----a-w- C:\Windows\System32\authui.dll
2014-03-18 04:17:02 70144 ----a-w- C:\Windows\System32\appinfo.dll
2014-03-18 04:17:02 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2014-03-18 04:17:02 111448 ----a-w- C:\Windows\System32\consent.exe
2014-03-18 04:14:29 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-03-18 04:07:33 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-03-18 04:06:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-18 04:05:52 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2014-03-18 04:05:50 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-03-18 04:05:50 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2014-03-18 04:05:50 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-03-18 04:05:34 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-03-18 04:05:34 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-03-18 04:05:28 109824 ----a-w- C:\Windows\System32\drivers\USBAUDIO.sys
2014-03-18 04:05:28 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2014-03-18 04:05:26 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-18 04:05:25 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-18 04:05:06 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-03-18 04:05:06 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2014-03-18 03:54:48 478208 ----a-w- C:\Windows\System32\dpnet.dll
2014-03-18 03:54:48 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2014-03-18 03:49:52 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-03-18 03:49:52 1111552 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-03-18 03:38:09 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-03-18 03:38:09 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-03-18 03:38:09 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-03-18 03:38:09 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-03-18 03:38:09 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-03-18 03:37:58 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-03-18 03:37:58 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-03-18 03:37:56 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-03-18 03:37:56 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-18 03:33:25 59392 ----a-w- C:\Windows\System32\browcli.dll
2014-03-18 03:33:25 136704 ----a-w- C:\Windows\System32\browser.dll
2014-03-18 03:33:24 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2014-03-18 03:33:12 1192448 ----a-w- C:\Windows\System32\certutil.exe
2014-03-18 03:33:11 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2014-03-18 03:33:11 52224 ----a-w- C:\Windows\System32\certenc.dll
2014-03-18 03:33:11 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2014-03-18 03:32:31 202752 ----a-w- C:\Windows\System32\scrrun.dll
2014-03-18 03:32:31 168960 ----a-w- C:\Windows\System32\wscript.exe
2014-03-18 03:32:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2014-03-18 03:32:31 156160 ----a-w- C:\Windows\System32\cscript.exe
2014-03-18 03:32:31 150016 ----a-w- C:\Windows\System32\wshom.ocx
2014-03-18 03:32:31 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2014-03-18 03:32:31 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2014-03-18 03:32:31 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2014-03-18 03:32:27 956928 ----a-w- C:\Windows\System32\localspl.dll
2014-03-18 03:32:18 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-03-18 03:32:18 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2014-03-18 03:32:18 144384 ----a-w- C:\Windows\System32\cdd.dll
2014-03-18 03:26:32 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-03-18 03:26:32 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-03-18 03:26:32 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-03-18 03:26:32 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-03-18 03:26:32 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-03-16 22:53:34 -------- d-----w- C:\IObit
2014-03-16 15:43:35 -------- d-----w- C:\ProgramData\ProductData
2014-03-16 15:43:30 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-03-16 15:35:00 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2014-03-16 05:18:54 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-16 04:25:59 -------- d-----w- C:\s
2014-03-16 04:25:31 -------- d-----w- C:\Program Files (x86)\PCData
2014-03-16 04:25:07 -------- d-----w- C:\Users\Abe10tiger\.android
2014-03-16 04:25:05 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\cache
2014-03-16 04:25:01 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\Mobogenie
2014-03-16 04:24:25 -------- d-----w- C:\Users\Abe10tiger\AppData\Roaming\SupTab
2014-03-16 04:24:22 -------- d-----w- C:\ProgramData\WPM
2014-03-16 04:23:30 -------- d-----w- C:\Program Files (x86)\DoubleOptMedia
2014-03-16 04:22:00 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\22980
.
==================== Find3M ====================
.
2014-04-12 19:09:49 151552 ----a-w- C:\Windows\KMSEmulator.exe
2014-04-11 16:14:20 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-11 16:14:20 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-03 16:50:58 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-21 04:12:12 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-21 04:09:22 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-04 14:35:23 9728064 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-17 20:41:24 27456 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-31 09:04:35 57096 ----a-w- C:\Windows\System32\certsentry.dll
2014-01-31 09:04:35 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-24 01:40:18 268968 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-01-18 00:24:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-18 00:24:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 13:39:35.60 ===============

abe10tiger · Apr 12, 2014

Attached:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/5/2011 8:14:41 PM
System Uptime: 4/12/2014 12:07:23 PM (1 hours ago)
.
Motherboard: ECS | | G41T-R3
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 3192/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 49.072 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 51.313 GiB free.
F: is CDROM (CDFS)
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0001
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0001
Service: VBoxNetAdp
.
==== System Restore Points ===================
.
RP361: 4/5/2014 5:28:02 AM - Installed DirectX
RP362: 4/12/2014 3:00:26 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
AccelerateTab
Adobe AIR
Adobe Community Help
Adobe Flash Player 12 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Advanced SystemCare 7
Age Of Empire-II The Age Of Kings
Age of Mythology
Age of Mythology - The Titans Expansion
Aliens vs. Predator
Aliens: Colonial Marines
Amnesia - The Dark Descent
Anti Keylogger Virtual Keyboard
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Avira Free Antivirus
Avira SearchFree Toolbar plus Web Protection Updater
Batman: Arkham Asylum
BioShock
BioShock 2
BioShock Infinite
Bonjour
Bookworm Adventures Deluxe 1.0
Call of Duty - Modern Warfare 3
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CANYON USB PC CAMERA
CCleaner
Comodo Dragon
Company of Heroes
CompuApps OnBelay V2
D3DX10
DAEMON Tools Lite
DAEMON Tools Toolbar
Dawn of War - Dark Crusade
Dawn of War - Soulstorm
DawnOfWar
Dead Space™
Dead Space™ 2
Dead Space™ 3
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Deus Ex: Game of the Year Edition
Deus Ex: Human Revolution
Deus Ex: Human Revolution - The Missing Link
Deus Ex: Invisible War
DiskAid 5.47
Dota 2
Dota 2 Test
DoubleOptMedia
Dropbox
EA Download Manager
Facebook Messenger 2.1.4814.0
Facebook Video Calling 2.0.0.447
Fallout 3
Fallout Mod Manager 0.13.21
Fallout New Vegas
FEAR
FEAR Extraction Point
FileASSASSIN
Fraps (remove only)
Free Video Joiner
FXAA Post Process Injector
Game Assistant
Game Booster 3
GameRanger
GamersFirst LIVE!
GeForce Experience NvStream Client Components
Ginger
Google Talk Plugin
Grand Ages Rome 1.01
Guitar Hero III
Hamster Free EbookConverter
HAWKEN
iCloud
IDT Audio
iFunbox (v2.6.2375.747), iFunbox DevTeam
IObit Uninstaller
iTunes
Java 7 Update 51
Java 7 Update 9 (64-bit)
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 31 (64-bit)
Junk Mail filter update
KeyScrambler
Macromedia Flash MX 2004
Malwarebytes Anti-Malware version 2.0.1.1004
Mass Effect
Mass Effect 2
Mass Effect™ 3
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Metro Last Light
Metro Last Light Update 1.0.0.2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Halo Custom Edition
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Minecraft1.7.2
Moon Breakers
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
My Lockbox 2.8.2
MyPC Backup
New Vegas Configator version 1.6
Nexus Mod Manager
No More Room in Hell
Nokia Connectivity Cable Driver
NVIDIA 3D Vision Controller Driver 335.21
NVIDIA 3D Vision Driver 335.23
NVIDIA Control Panel 335.23
NVIDIA GeForce Experience 1.8.1
NVIDIA Graphics Driver 335.23
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 10.11.15
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.11.15
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
Oracle VM VirtualBox 4.3.6
Origin
Outlast
Pando Media Booster
PaperPort
PC Data App
Photodex Presenter
PlanetSide 2
ProShow Gold
PunkBuster Services
QuickTime 7
RAGE
Rainmeter
Recuva
RESIDENT EVIL 5
ROBLOX Player for Abe10tiger
ROBLOX Studio for Abe10tiger
RocketDock 1.3.5
Saints Row: The Third
SDFormatter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
SHIELD Streaming
Skype™ 6.11
Skyrim - Legendary Edition
Speccy
SPORE™
Star Trek Online
State of Decay - Breakdown
Steam
Stronghold 2 Deluxe
Stronghold Legends
Surfing Protection
swMSM
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
The Walking Dead
The Witcher 2: Assassins of Kings Enhanced Edition
Total War ROME II
Total War Shogun 2
TruDirect
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
uTorrentBar Toolbar
VLC media player 1.1.11
VSDC Free Video Editor version 1.2.5.12
Vtune 7.16
Waterfox 13.0 (x64 en-US)
Windows Driver Package - JMicron Technology Corp. (JME) Net (02/25/2010 6.0.17.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (64-bit)
WinRAR 4.11 (32-bit)
Wrye Bash
Xfire (remove only)
Xfire 2.0
Xfire Codec (remove only)
XfireXO Toolbar
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YTD Toolbar v8.9
YTD Video Downloader 3.9.6
ZD Soft Game Recorder
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/9/2014 9:42:11 AM, Error: Service Control Manager [7034] - The SecureUpdate service terminated unexpectedly. It has done this 1 time(s).
4/9/2014 9:37:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
4/9/2014 11:15:22 AM, Error: Ntfs [137] - The default transaction resource manager on volume I: encountered a non-retryable error and could not start. The data contains the error code.
4/7/2014 8:34:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the defragsvc service.
4/6/2014 3:42:12 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/6/2014 3:20:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.
4/5/2014 5:22:25 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
4/5/2014 5:20:14 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000044 (0xfffffa800547fc10, 0x0000000000000eae, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040514-19468-01.
4/5/2014 11:34:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
4/5/2014 11:34:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800038b38fb, 0x0000000000000001, 0x0000000000000206). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
4/12/2014 9:54:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
4/12/2014 12:08:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Protect Monitor service to connect.
4/12/2014 12:08:51 PM, Error: Service Control Manager [7000] - The Protect Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/12/2014 12:08:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
4/12/2014 12:08:17 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/12/2014 12:04:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/12/2014 12:04:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/12/2014 12:03:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
4/12/2014 11:59:25 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/12/2014 11:56:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/12/2014 11:56:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/12/2014 11:56:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/12/2014 11:56:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/12/2014 11:56:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr discache spldr VBoxDrv VBoxUSBMon Wanarpv6
4/12/2014 11:47:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SecureUpdate service to connect.
4/12/2014 11:47:34 AM, Error: Service Control Manager [7000] - The SecureUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/12/2014 11:44:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ScsiAccess service to connect.
4/12/2014 11:44:55 AM, Error: Service Control Manager [7000] - The ScsiAccess service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/12/2014 11:08:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
4/12/2014 11:08:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
4/12/2014 10:57:15 AM, Error: Service Control Manager [7022] - The Server service hung on starting.
4/12/2014 10:47:59 AM, Error: Service Control Manager [7022] - The Yahoo! Updater service hung on starting.
4/12/2014 10:46:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira Web Protection service to connect.
4/12/2014 10:46:12 AM, Error: Service Control Manager [7000] - The Avira Web Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/11/2014 1:15:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
4/10/2014 6:52:35 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xfffff80103a3dd1d, 0x0000000000000002, 0x0000000000000000, 0xfffff800038ee11c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041014-20467-01.
4/10/2014 6:36:36 AM, Error: Service Control Manager [7034] - The COMODO Dragon Update Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Broni · Apr 12, 2014

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Your MBAM log says "No Action By User".
Re-run MBAM fix all issues and post new log.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

Unzip downloaded file.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

abe10tiger · Apr 12, 2014

I forgot to mention a tiny detail: Im running in safe mode with networking. Will that be affecting the steps I follow in your post while in safe mode? Be posting the logs as soon as I complete the steps. Thanks!

UPDATES (4/13/2014)

Every after scan with MBAM, after clicking the Quarantine All button and trying to export to text file, MBAM crashes, thus, I am unable to produce a log.Going to history and checking for the log shows nothing but an EMPTY LOG of the scan.

I am unable to create a restore point because I am in Safe Mode with Networking only. I will not proceed to the next step without your instructions so I'll be waiting. Trying to boot in normal mode is a problem, I am unable to click anything, the system becomes unresponsive and hangs all the time.

However, I was able to scan the system using Rogue Killer and have the logs already. One thing is that internet speed is very slow and takes a very long time to download anything at all! I'll be posting the logs for Rogue killer first if that's ok.

abe10tiger · Apr 13, 2014

Rogue Killer Log 1:

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Abe10tiger [Admin rights]
Mode : Scan -- Date : 04/07/2010 00:34:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : dzleyclwdn (wscript.exe //B "C:\Users\Abe10tiger\AppData\Roaming\dzleyclwdn.vbs" [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-570735593-1496461725-3492070277-1000\[...]\Run : dzleyclwdn (wscript.exe //B "C:\Users\Abe10tiger\AppData\Roaming\dzleyclwdn.vbs" [x]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] MySearchDial.job : C:\Users\ABE10T~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] 1e9863085a8cb756cafc2a0e1d5a9940
[BSP] 44693e8c4ad2659f2336006954da86ce : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 976752000 | Size: 476929 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04072010_003411.txt >>

Log 2:

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Abe10tiger [Admin rights]
Mode : Remove -- Date : 04/07/2010 00:34:32
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : dzleyclwdn (wscript.exe //B "C:\Users\Abe10tiger\AppData\Roaming\dzleyclwdn.vbs" [x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-570735593-1496461725-3492070277-1000\[...]\Run : dzleyclwdn (wscript.exe //B "C:\Users\Abe10tiger\AppData\Roaming\dzleyclwdn.vbs" [x]) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] MySearchDial.job : C:\Users\ABE10T~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] 1e9863085a8cb756cafc2a0e1d5a9940
[BSP] 44693e8c4ad2659f2336006954da86ce : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 976752000 | Size: 476929 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_04072010_003432.txt >>
RKreport[0]_S_04072010_003411.txt

Broni · Apr 13, 2014

Skip restore point and run MBAR.

What happens in normal mode?

abe10tiger · Apr 13, 2014

In normal mode, the system responds for a few minutes after start up. But soon afterwards, any program I open takes around 4 or sometimes forever to open! When it does, it hangs all the time. The explorer also crashes.

mbar-log-xxxxx.txt

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.04.13.09

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16521
Abe10tiger :: ABE10TIGER-PC [administrator]

4/14/2014 9:28:34 AM
mbar-log-2014-04-14 (09-28-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 346207
Time elapsed: 13 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

system-log.txt:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 11.0.9600.16521

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 2146689024, free: 1372319744

Downloaded database version: v2014.04.13.09
Downloaded database version: v2014.03.27.01
Initializing...
======================
------------ Kernel report ------------
04/14/2014 09:11:56
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\FSPFltd.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\JME.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\keyscrambler.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\usp10.dll
\Windows\System32\shlwapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\setupapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\nsi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\Wldap32.dll
\Windows\System32\difxapi.dll
\Windows\System32\msctf.dll
\Windows\System32\kernel32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\advapi32.dll
\Windows\System32\gdi32.dll
\Windows\System32\psapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ole32.dll
\Windows\System32\urlmon.dll
\Windows\System32\user32.dll
\Windows\System32\imm32.dll
\Windows\System32\wininet.dll
\Windows\System32\iertutil.dll
\Windows\System32\normaliz.dll
\Windows\System32\sechost.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shell32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8002b55640
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-4\
Lower Device Object: 0xfffffa8001909680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8002b55640, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8002b55090, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8002b55640, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002325520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8001909680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18351834

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 976751937
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 976752000 Numsec = 976752000

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 11.0.9600.16521

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 2146689024, free: 1344716800

Initializing...
======================
------------ Kernel report ------------
04/14/2014 09:28:29
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\FSPFltd.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\JME.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\keyscrambler.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\usp10.dll
\Windows\System32\shlwapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\setupapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\nsi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\Wldap32.dll
\Windows\System32\difxapi.dll
\Windows\System32\msctf.dll
\Windows\System32\kernel32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\advapi32.dll
\Windows\System32\gdi32.dll
\Windows\System32\psapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ole32.dll
\Windows\System32\urlmon.dll
\Windows\System32\user32.dll
\Windows\System32\imm32.dll
\Windows\System32\wininet.dll
\Windows\System32\iertutil.dll
\Windows\System32\normaliz.dll
\Windows\System32\sechost.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shell32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8002b55640
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-4\
Lower Device Object: 0xfffffa8001909680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8002b55640, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8002b55090, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8002b55640, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002325520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8001909680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18351834

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 976751937
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 976752000 Numsec = 976752000

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Broni · Apr 14, 2014

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

abe10tiger · Apr 14, 2014

Combofix.txt:

ComboFix 14-04-12.01 - Abe10tiger 04/15/2014 11:20:05.1.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.63.1033.18.2047.1298 [GMT -7:00]
Running from: c:\users\Abe10tiger\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Abe10tiger\AppData\Local\TempDIR
c:\users\Abe10tiger\AppData\Local\TempDIR\GFInstaller\AppName.txt
c:\users\Abe10tiger\AppData\Local\TempDIR\GFInstaller\Channel.txt
c:\users\Abe10tiger\AppData\Local\TempDIR\GFInstaller\DownloadURL.txt
c:\users\Abe10tiger\AppData\Local\TempDIR\GFInstaller\GFInstaller.exe
c:\users\Abe10tiger\AppData\Roaming\dzleyclwdn.vbs
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\DEBUG.log
E:\install.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-03-15 to 2014-04-15 )))))))))))))))))))))))))))))))
.
.
2014-04-15 18:26 . 2014-04-15 18:26 -------- d-----w- c:\users\Video Productions\AppData\Local\temp
2014-04-14 16:11 . 2014-04-14 17:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-14 16:09 . 2014-04-14 16:09 -------- d-----w- c:\users\Abe10tiger\here
2014-04-12 19:25 . 2014-04-15 17:34 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-12 19:24 . 2014-04-14 16:28 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-12 19:24 . 2014-04-12 19:24 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-12 19:24 . 2014-04-03 16:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-09 18:39 . 2014-04-09 18:39 -------- d-----w- C:\Crash
2014-04-05 12:39 . 2014-04-05 12:39 154 ----a-w- c:\users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.bat
2014-04-05 12:31 . 2014-04-05 12:31 -------- d-----w- c:\users\Abe10tiger\AppData\Local\SCE
2014-04-04 02:05 . 2014-04-04 02:26 -------- d-----w- c:\users\Abe10tiger\AppData\Roaming\Audacity
2014-04-03 19:52 . 2014-04-03 19:52 -------- d-----w- c:\users\Abe10tiger\AppData\Local\UWebKit
2014-04-03 19:51 . 2014-04-03 19:51 -------- d-----w- c:\users\Abe10tiger\AppData\Roaming\.mono
2014-03-28 17:44 . 2014-03-28 17:44 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-28 17:43 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-28 16:56 . 2014-03-28 16:56 -------- d-----w- c:\users\Abe10tiger\AppData\Local\NVIDIA Corporation
2014-03-28 16:54 . 2013-12-10 02:13 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
2014-03-28 16:54 . 2013-12-10 02:13 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-03-28 16:52 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-03-28 16:52 . 2013-12-05 08:42 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-03-28 16:52 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-03-22 15:15 . 2014-03-22 15:15 -------- d-----w- c:\program files (x86)\Application Updater
2014-03-22 15:15 . 2014-03-22 15:15 -------- d-----w- c:\program files (x86)\YTD Toolbar
2014-03-21 21:04 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-03-21 21:04 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-21 04:40 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-03-21 04:40 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-03-21 04:40 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-03-21 04:40 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-03-21 04:19 . 2013-10-15 01:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-03-21 04:16 . 2014-03-21 04:16 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-03-21 04:12 . 2014-03-21 04:12 859648 ----a-w- c:\windows\system32\tdh.dll
2014-03-21 04:10 . 2014-03-21 04:10 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-03-21 04:10 . 2014-03-21 04:10 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-03-21 04:10 . 2014-03-21 04:10 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-03-21 04:05 . 2014-03-21 04:05 1887232 ----a-w- c:\windows\system32\d3d11.dll
2014-03-21 04:05 . 2014-03-21 04:05 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2014-03-18 04:18 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-03-18 04:18 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-03-18 04:17 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2014-03-18 04:17 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-03-18 04:17 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2014-03-18 04:17 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2014-03-18 04:17 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2014-03-18 04:17 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2014-03-18 04:17 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2014-03-18 04:17 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2014-03-18 04:17 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2014-03-18 04:17 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2014-03-18 04:17 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2014-03-18 04:17 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2014-03-18 04:14 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-03-18 04:07 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-03-18 04:06 . 2013-09-25 02:22 340992 ----a-w- c:\windows\system32\schannel.dll
2014-03-18 04:05 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2014-03-18 04:05 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-03-18 04:05 . 2012-11-28 22:56 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-03-18 04:05 . 2012-11-28 22:56 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-03-18 04:05 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2014-03-18 04:05 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-03-18 04:05 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys
2014-03-18 04:05 . 2013-07-12 10:40 109824 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2014-03-18 04:05 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2014-03-18 04:05 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-03-18 04:05 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-03-18 04:05 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-03-18 03:54 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2014-03-18 03:54 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2014-03-18 03:49 . 2013-06-15 04:35 1111552 ----a-w- c:\windows\system32\rdpcorets.dll
2014-03-18 03:49 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-03-18 03:38 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-03-18 03:38 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-03-18 03:38 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-03-18 03:38 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-03-18 03:38 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-03-18 03:37 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-03-18 03:37 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-18 03:37 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-03-18 03:37 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2014-03-18 03:33 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2014-03-18 03:33 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2014-03-18 03:33 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2014-03-18 03:33 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2014-03-18 03:33 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2014-03-18 03:33 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2014-03-18 03:33 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2014-03-18 03:33 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2014-03-18 03:32 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-03-18 03:32 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2014-03-18 03:32 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2014-03-18 03:32 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2014-03-18 03:32 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2014-03-18 03:32 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2014-03-18 03:32 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2014-03-18 03:32 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2014-03-18 03:32 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2014-03-18 03:32 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-03-18 03:32 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-03-18 03:32 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2014-03-18 03:26 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2014-03-18 03:26 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-03-18 03:26 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-03-18 03:26 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2014-03-18 03:26 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2014-03-16 22:53 . 2014-03-16 22:53 -------- d-----w- C:\IObit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-12 19:09 . 2011-10-20 21:41 151552 ----a-w- c:\windows\KMSEmulator.exe
2014-04-11 16:14 . 2012-04-16 19:48 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-11 16:14 . 2011-08-06 06:41 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-03 16:50 . 2011-08-06 05:23 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-21 04:12 . 2014-03-21 04:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 14:35 . 2013-05-24 19:53 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2012-09-28 05:11 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2011-08-06 04:41 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2011-08-06 04:40 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2011-08-06 04:40 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 13:06 . 2011-01-21 02:26 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2011-01-21 02:25 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2011-01-21 02:26 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2011-01-21 02:26 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2011-01-21 02:26 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-17 20:41 . 2011-12-20 02:22 27456 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2014-01-31 09:04 . 2013-05-30 08:36 57096 ----a-w- c:\windows\system32\certsentry.dll
2014-01-31 09:04 . 2013-05-30 08:36 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
2014-01-24 01:40 . 2013-09-01 20:08 268968 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-01-18 00:24 . 2014-01-18 00:24 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-01-18 00:24 . 2014-01-18 00:24 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-19 1521872]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2013-08-07 1561880]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-19 10:26 1521872 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}]
2014-02-25 19:31 464720 ----a-w- c:\program files (x86)\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-19 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Abe10tiger\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Abe10tiger\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Abe10tiger\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2011-01-28 2236416]
"Steam"="e:\program files (x86)\Steam\Steam.exe" [2014-02-25 1821888]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-02-12 2288928]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-19 1573584]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"PaperPort PTD"="c:\program files (x86)\scansoft\paperport\pptd40nt.exe" [2004-04-14 57393]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Anti Keylogger Virtual Keyboard "="c:\program files (x86)\Anti Keylogger Virtual Keyboard\keyboard.exe" [2010-03-07 357312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-18 421888]
"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2014-03-17 1393984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
.
c:\users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Abe10tiger\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
dzleyclwdn.vbs [2013-7-22 117245]
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-9-19 1953320]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-3-24 36024]
Xfire.bat [2014-4-5 154]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 ProtectMonitor;Protect Monitor;c:\program files (x86)\PCData\StartHelp.exe;c:\program files (x86)\PCData\StartHelp.exe [x]
R2 SecureUpdateSvc;SecureUpdate;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 16:14]
.
2014-04-15 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-09-22 01:14]
.
2014-04-12 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-09-22 01:14]
.
2014-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570735593-1496461725-3492070277-1000Core.job
- c:\users\Abe10tiger\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 17:20]
.
2014-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570735593-1496461725-3492070277-1000UA.job
- c:\users\Abe10tiger\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 17:20]
.
2014-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-570735593-1496461725-3492070277-1000Core.job
- c:\users\Abe10tiger\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-17 17:25]
.
2014-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-570735593-1496461725-3492070277-1000UA.job
- c:\users\Abe10tiger\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-17 17:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-03-16 15:43 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Abe10tiger\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Abe10tiger\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Abe10tiger\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Abe10tiger\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PaperPort PTD"="c:\program files (x86)\scansoft\paperport\pptd40nt.exe" [2004-04-14 57393]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2012-03-21 2143552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394943817&from=amt&uid=HitachiXHDS721010CLA332_JP6911HZ1XUEEF1XUEEFX&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-CompuApps OnBelay V2 - c:\progra~1\COMPUA~1\ONBELA~1\ONBUNI~1.ISU
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,
bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"=hex:51,66,7a,6c,4c,1d,38,12,6c,b0,49,
5a,57,31,a3,01,fd,07,82,94,cf,f2,8a,b7
"{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}"=hex:51,66,7a,6c,4c,1d,38,12,50,ad,9c,
47,dd,f3,bd,01,d4,9d,4f,3c,86,0e,9b,4d
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{F3FEE66E-E034-436A-86E4-9690573BEE8A}"=hex:51,66,7a,6c,4c,1d,38,12,00,e5,ed,
f7,06,ae,04,06,f9,f2,d5,d0,52,65,aa,9e
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{0877C1FC-19C6-4FE2-8E3D-699D8EDB2964}"=hex:51,66,7a,6c,4c,1d,38,12,92,c2,64,
0c,f4,57,8c,0a,f1,2b,2a,dd,8b,85,6d,70
"{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}"=hex:51,66,7a,6c,4c,1d,38,12,14,1c,97,
2e,26,ee,cb,08,c9,cf,c8,d1,38,a5,3e,98
"{2B9F5787-88A5-4945-90E7-C4B18563BC5E}"=hex:51,66,7a,6c,4c,1d,38,12,e9,54,8c,
2f,97,c6,2b,0c,ef,f1,87,f1,80,3d,f8,4a
"{48A789BF-F6D6-4930-9C8B-77855A63EDE1}"=hex:51,66,7a,6c,4c,1d,38,12,d1,8a,b4,
4c,e4,b8,5e,0c,e3,9d,34,c5,5f,3d,a9,f5
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}"=hex:51,66,7a,6c,4c,1d,38,12,e3,94,1f,
be,3b,97,d8,0c,d0,f4,c8,9e,21,03,83,f2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:57,2c,0a,4e,92,da,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,2f,04,ed,57,ee,5d,41,a4,16,1a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,2f,04,ed,57,ee,5d,41,a4,16,1a,\
.
[HKEY_USERS\S-1-5-21-570735593-1496461725-3492070277-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:04,ab,77,cc,90,4d,87,45,fe,8e,f0,63,05,1f,5a,44,24,1c,25,4a,dd,9e,1d,
98,b5,47,cb,44,ab,ee,e2,bf,43,b4,47,aa,4b,b1,81,91,23,d6,27,11,ae,a3,ae,70,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-570735593-1496461725-3492070277-1000\Software\SecuROM\License information*]
"datasecu"=hex:2b,6d,f3,b7,d0,40,ac,75,49,08,9a,35,60,78,93,54,11,59,6e,a1,5d,
c2,41,b5,3e,31,a3,b5,bb,6b,f6,91,6d,94,9f,23,21,58,99,e1,ad,18,c7,df,bc,cc,\
"rkeysecu"=hex:f6,4c,2b,dc,0a,2a,7f,56,7c,7a,e0,79,7e,70,47,ad
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-15 11:52:21 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-15 18:52
.
Pre-Run: 52,933,455,872 bytes free
Post-Run: 52,486,459,392 bytes free
.
- - End Of File - - 829AF291BB12FB5F4D9A0A55362C1166
A36C5E4F47E84449FF07ED3517B43A31

Broni · Apr 14, 2014

Looks good.

Uninstall Advanced SystemCare 7.
Registry cleaners/optimizers are not recommended for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

abe10tiger · Apr 15, 2014

AdwCleaner Log:

# AdwCleaner v3.023 - Report created 15/04/2014 at 12:24:34
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Abe10tiger - ABE10TIGER-PC
# Running from : C:\Users\Abe10tiger\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Application Updater
[#] Service Deleted : BackupStack

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\ExpressFiles
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Secure Speed Dial
Folder Deleted : C:\Program Files (x86)\xfirexo
Folder Deleted : C:\Program Files (x86)\YTD Toolbar
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Abe10tiger\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Abe10tiger\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Abe10tiger\AppData\Local\PackageAware
Folder Deleted : C:\Users\Abe10tiger\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Abe10tiger\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Abe10tiger\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Abe10tiger\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Abe10tiger\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Abe10tiger\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Abe10tiger\AppData\LocalLow\xfirexo
Folder Deleted : C:\Users\Abe10tiger\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Abe10tiger\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Abe10tiger\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Abe10tiger\AppData\Roaming\SupTab
Folder Deleted : C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Abe10tiger\Documents\Mobogenie
Folder Deleted : C:\Users\Skyrim VidProduction\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Skyrim VidProduction\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Video Productions\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Video Productions\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\irm3bujj.default\ConduitCommon
Folder Deleted : C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\irm3bujj.default\CT2304157
Folder Deleted : C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\irm3bujj.default\Extensions\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}
Folder Deleted : C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\irm3bujj.default\Extensions\speeddial@instair.net
File Deleted : C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\irm3bujj.default\Extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\user.js
File Deleted : C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\irm3bujj.default\user.js
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
File Deleted : C:\Windows\System32\Tasks\MySearchDial
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
Shortcut Disinfected : C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\outobox_Setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\outobox_Setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\outobox1120_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\outobox1120_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_fexplorer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_fexplorer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_my-lockbox_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_my-lockbox_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E70F0988-ED46-43AB-910B-DB3ACD028B44}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E70F0988-ED46-43AB-910B-DB3ACD028B44}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{747050E0-8FD2-460A-9686-7FE7FEE9DAA5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D98AEEB4-B4B6-4A71-8745-F7DDE7E0076A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F36152F6-8AB0-47F8-BC38-68E27D2A857C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1DB8994-6B94-45A3-9FA9-5DE1ED3AE266}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\XfireXO
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\supTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\Software\XfireXO
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XfireXO Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js ]

Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "ir_14_11_ff");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyBy[...]
Line Deleted : user_pref("extensions.mysearchdial.cr", "897699611");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtD[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "10673511D8679641");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16145");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_a");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyE[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutC[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.015:28:16");

[ File : C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\irm3bujj.default\prefs.js ]

Line Deleted : user_pref("CT2304157.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");

-\\ Google Chrome v

[ File : C:\Users\Abe10tiger\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [24712 octets] - [15/04/2014 12:23:43]
AdwCleaner[S0].txt - [23747 octets] - [15/04/2014 12:24:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23808 octets] ##########

JRT LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Abe10tiger on Tue 04/15/2014 at 12:55:23.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TasksWatch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TasksWatch_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TasksWatch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TasksWatch_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1CB836D0-8450-46A0-B2CC-3E2C5D1AA9E3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33DF8D05-FEAD-485B-9459-A8814E1320C0}
Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Abe10tiger\appdata\locallow\ytd"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{12556199-D5EF-46D2-9AB7-C1F601050F4F}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{12885E39-40F0-442E-A671-215A9A181CFD}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{1863B3F7-BAD1-473E-9E51-1747C00E7BB7}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{217F5DE8-888F-4E16-8794-276F58A1EA4E}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{24492AFD-5EFC-4489-B3BA-1AB8D9EC954A}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{24BB3261-1DAC-468F-AAB5-780BEF1C3747}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{27FC3FEA-3F3F-447B-A86E-3889F3FC2E76}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{28FADED2-5C59-4D86-86A6-02F14C01A351}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{3871E946-2EAD-4859-8D7C-E028E55925A2}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{3F43C222-C8C9-493D-A297-0FD60C469BF7}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{438DCAB3-3EDE-4C41-85ED-B500D1B03B3E}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{45C2FBF0-19EC-453D-8873-F44E688AD90B}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{46D2D9C3-4D36-42EE-9219-4E8F85279935}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{4C8DD003-DB13-46AC-BA42-48601C7E8CA4}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{518D829E-CE50-4753-BC7A-8BCA188B0445}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{586EAFC0-942F-43CE-9B01-9492B804E038}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{589011E8-35AB-44CA-B5D1-A7ECA27DBB72}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{5B22F8E8-F30E-4718-BB48-3E0FB5925232}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{5FA889BE-2D13-41E5-B61F-36EE00756F4D}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{5FDDFE52-BC27-4C54-B4A0-1F281F9E8D26}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{62354E64-28BA-4779-976B-B3A6957738AF}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{6342A418-1230-4975-8BD7-EC83A38AD1E9}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{641CC103-7A81-460F-8210-1EF9D94CB238}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{644FFA80-825C-4E07-8927-BF12A012343D}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{6587443A-D779-48F3-BB34-129CFEA54B70}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{66222667-0647-45A3-9152-DA5EDD31F2E6}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{6AA54433-A500-4D02-A97F-76248D8D3C8E}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{7352A5DC-B076-485A-BF4C-193332A36A00}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{74497525-9D4A-497C-B458-4112914E327A}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{76A0AE21-D213-425E-B803-3F5CF761609A}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{7F81F958-7FD2-49B5-9A90-CF9244790132}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{82452690-7378-40D9-A363-8DC664E56ADF}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{83969E5B-F612-4F20-AD76-C35AE249BA1D}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{840B97B3-9849-426B-B766-A1AE9C460637}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{85FA8939-7D25-438A-912B-051CD233C677}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{8E407671-BD40-44FF-AD33-AE7C78924490}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{920276E5-74E4-4DF2-8022-3417B0495FD1}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{94785F30-9F3C-4399-AC4A-3D4BF11217AF}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{9495624F-6CEB-42C1-BB29-231BBEA5140C}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{9AEA23E0-B610-492D-B91E-2D0344E23E3B}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{9D570FD2-AA35-4A2C-A39B-FDC0A48CCA83}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{9E451ECB-772D-463C-8A3C-A4CDF33A4ACE}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{AC8AD590-0B80-49BF-BBFE-CA13F3669615}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{BC8CFC21-98E8-46FE-972D-74A7101CFE89}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{BE78B565-193A-4638-A4AC-D0F0D1C0604E}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{BFDFB5E6-AAE6-440C-B053-98036DDD9F82}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{C12B42FF-23B8-42F1-B7D4-92EDC5B080B1}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{C12F991F-9AD2-45B8-B187-49097788F928}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{C285E8F5-9306-420A-A5E4-A56F01EA99C8}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{C3DAF2D7-A7CE-4013-94F2-47BB9B307FF7}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{C4B3CC6F-1A9E-4486-A06B-E72F9BD1A0BC}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{C874AC87-D84B-4FC1-BDBF-4DAFE152D06F}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{CB27FDAC-E892-4CE9-BADB-A486B3BCD598}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{CC437C60-7560-451B-8B3D-0A3E6C51A8D3}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{CFE5D458-DCE2-4382-8CA4-E42EAC3E3402}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{D1F59724-A5F0-43AC-AB7A-B9B175BDFAA2}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{D6B590EB-CDC9-4916-AA1A-96823270E6B5}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{D8D35AB6-7105-4045-834F-11263CAE2361}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{D8E71F3A-794F-43E9-B871-D53A30DF679A}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{E086BDEF-D4C1-4C44-B9A0-21B89A40B9DB}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{E42D69BE-650E-49C9-8EBD-93A98CCCC034}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{E969C01C-4AEB-41C9-A3F1-6A097E01C3B1}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{E9D02FF4-7143-432C-B942-508131FB4723}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{EEA9003C-0F9C-4331-926E-70DA63E3BD94}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{F68C3E11-E3EF-4BBB-A204-772AE9A39B79}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{FD15D616-0531-4F80-984C-D804234DCBF7}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{FD6BDDFD-CD50-4169-A5D6-AEAAD395B852}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{FDC99DDF-F8B2-4E2B-B1FA-309489FC7026}
Successfully deleted: [Empty Folder] C:\Users\Abe10tiger\appdata\local\{FEF8836C-809D-49F2-B47A-D6D65ABFE021}

~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Abe10tiger\AppData\Roaming\mozilla\firefox\profiles\g5qnsbjg.default-1394945989340\minidumps [26 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/15/2014 at 12:58:39.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

abe10tiger · Apr 15, 2014

OTL LOG:

OTL logfile created on: 4/15/2014 1:02:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Abe10tiger\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.05% Memory free
4.00 Gb Paging File | 3.50 Gb Available in Paging File | 87.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 49.15 Gb Free Space | 10.55% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 51.31 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
Computer Name: ABE10TIGER-PC | User Name: Abe10tiger | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/15 13:01:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Abe10tiger\Desktop\OTL.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/09 19:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/18 19:39:34 | 000,250,368 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- c:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/04/11 09:14:20 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/20 22:02:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/13 18:54:42 | 000,090,680 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PCData\StartHelp.exe -- (ProtectMonitor)
SRV - [2014/03/04 04:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/25 14:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/01/28 07:35:50 | 002,135,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2014/01/20 19:41:35 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/09 19:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/08 19:33:48 | 000,186,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe -- (ScsiAccess)
SRV - [2012/10/07 17:39:56 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/09/02 13:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/12/18 18:16:44 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/12/05 01:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/28 06:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/08/28 18:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/01 11:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/14 17:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/08/17 11:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/08/17 10:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 10:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 10:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 10:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/06 00:00:34 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/07/22 17:13:28 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2010/05/18 19:39:34 | 000,497,152 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/24 20:26:58 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/11/08 10:29:22 | 000,527,872 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2013/03/14 13:36:18 | 000,017,160 | ---- | M] (XFire) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Xfire2\XFDriver64.sys -- (XFDriver64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/12/13 09:56:26 | 000,011,376 | R--- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ph
IE - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 9A D8 3B F2 53 CC 01 [binary data]
IE - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..\SearchScopes\{08065A15-E2E4-45BD-B629-773302521C18}: "URL" = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..\SearchScopes\{6C239768-5DBF-45E9-AE74-9B95E20A2532}: "URL" = http://search.zonealarm.com/search?...00000000000201010096568&q={searchTerms}&r=567
IE - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
IE - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7Be1f9ea30-0906-11df-8a39-0800200c9a66%7D:1.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..keyword.URL: "http://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Abe10tiger\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Abe10tiger\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Abe10tiger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Abe10tiger\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Abe10tiger\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Abe10tiger\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Abe10tiger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Abe10tiger\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Abe10tiger\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\gingersoftware.com/gingerPlugin: C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll (Ginger Software)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 13.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012/07/14 21:44:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\adapter@gingersoftware.com: C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com [2013/08/11 13:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\firefox@gingersoftware.com: C:\Program Files (x86)\Ginger\Mozilla\firefox@gingersoftware.com [2013/08/11 13:14:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/20 22:02:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/20 22:02:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/05/26 21:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Extensions
[2014/04/15 12:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\extensions
[2014/04/15 12:24:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\irm3bujj.default\extensions
[2014/03/01 14:19:55 | 000,000,000 | ---D | M] (AD Block) -- C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\irm3bujj.default\extensions\searchads@instair.net
[2014/03/16 15:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\irm3bujj.default\extensions\staged
[2014/03/16 15:37:08 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2014/03/19 21:32:27 | 000,013,830 | ---- | M] () (No name found) -- C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\extensions\{e1f9ea30-0906-11df-8a39-0800200c9a66}.xpi
[2014/03/15 22:12:40 | 000,008,067 | ---- | M] () -- C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\searchplugins\yahoo_ff.xml
[2014/03/20 22:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/03/20 22:02:03 | 000,000,000 | ---D | M] ("Ginger") -- C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com
[2014/03/20 22:02:04 | 000,000,000 | ---D | M] (Ginger - Grammar and Spell Checker) -- C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.com
[2014/03/20 22:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/20 22:02:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Abe10tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
O1 HOSTS File: ([2014/04/15 11:47:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Ginger Grammar & Spell Checker) - {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader64.dll ()
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Ginger Grammar & Spell Checker) - {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader.dll ()
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adblock) - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - C:\Program Files (x86)\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - Reg Error: Value error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Anti Keylogger Virtual Keyboard ] C:\Program Files (x86)\Anti Keylogger Virtual Keyboard\keyboard.exe (Network Intercept)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000..\Run: [Steam] E:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
O4 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
O4 - Startup: C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Abe10tiger\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dzleyclwdn.vbs ()
O4 - Startup: C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BE9BD0A-3CC7-4B61-95AC-5A4E271B7ED7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA42F348-BB24-4AB2-92AC-B21630D0F7AF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -

abe10tiger · Apr 15, 2014

No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/15 02:24:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/04/15 13:00:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Abe10tiger\Desktop\OTL.exe
[2014/04/15 12:55:21 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/15 12:46:25 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Abe10tiger\Desktop\JRT.exe
[2014/04/15 12:23:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/15 12:17:30 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/04/15 11:47:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/04/15 11:17:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/04/15 11:17:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/04/15 11:17:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/04/15 11:12:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/04/15 11:11:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/04/15 10:50:38 | 005,194,807 | R--- | C] (Swearware) -- C:\Users\Abe10tiger\Desktop\ComboFix.exe
[2014/04/14 09:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/04/14 09:10:19 | 000,000,000 | ---D | C] -- C:\Users\Abe10tiger\Desktop\mbar
[2014/04/14 09:09:15 | 000,000,000 | ---D | C] -- C:\Users\Abe10tiger\here
[2014/04/13 19:46:31 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Abe10tiger\Desktop\mbar-1.07.0.1009.exe
[2014/04/12 12:25:36 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/12 12:24:38 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/12 12:24:38 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/12 12:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/12 10:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/09 11:39:04 | 000,000,000 | ---D | C] -- C:\Crash
[2014/04/05 05:31:27 | 000,000,000 | ---D | C] -- C:\Users\Abe10tiger\AppData\Local\SCE
[2014/04/04 07:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Studios
[2014/04/03 19:05:14 | 000,000,000 | ---D | C] -- C:\Users\Abe10tiger\AppData\Roaming\Audacity
[2014/04/03 19:05:04 | 000,000,000 | ---D | C] -- C:\Users\Abe10tiger\Desktop\Audacity
[2014/04/03 12:52:06 | 000,000,000 | ---D | C] -- C:\Users\Abe10tiger\AppData\Local\UWebKit
[2014/04/03 12:51:51 | 000,000,000 | ---D | C] -- C:\Users\Abe10tiger\AppData\Roaming\.mono
[2014/03/28 10:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/03/28 09:56:12 | 000,000,000 | ---D | C] -- C:\Users\Abe10tiger\AppData\Local\NVIDIA Corporation
[2014/03/20 22:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/18 04:02:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014/03/16 16:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Assistant
[2014/03/16 15:53:34 | 000,000,000 | ---D | C] -- C:\IObit
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Users\Abe10tiger\Desktop\*.tmp files -> C:\Users\Abe10tiger\Desktop\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/04/15 13:01:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Abe10tiger\Desktop\OTL.exe
[2014/04/15 12:49:09 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Abe10tiger\Desktop\JRT.exe
[2014/04/15 12:25:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/15 12:25:48 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/15 12:24:48 | 000,001,176 | ---- | M] () -- C:\Users\Abe10tiger\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/15 12:23:16 | 001,426,178 | ---- | M] () -- C:\Users\Abe10tiger\Desktop\adwcleaner.exe
[2014/04/15 12:12:38 | 000,095,791 | ---- | M] () -- C:\Users\Abe10tiger\Desktop\Untitled.jpg
[2014/04/15 11:47:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/04/15 11:35:40 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-570735593-1496461725-3492070277-1000UA.job
[2014/04/15 11:28:34 | 000,000,226 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/04/15 11:08:04 | 005,194,807 | R--- | M] (Swearware) -- C:\Users\Abe10tiger\Desktop\ComboFix.exe
[2014/04/15 10:34:44 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/14 09:28:21 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/13 20:03:41 | 000,000,551 | ---- | M] () -- C:\Users\Abe10tiger\Desktop\crp.vbs
[2014/04/13 19:46:12 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Abe10tiger\Desktop\mbar-1.07.0.1009.exe
[2014/04/12 12:25:03 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-570735593-1496461725-3492070277-1000UA.job
[2014/04/12 12:24:41 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/12 12:16:07 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/12 12:16:07 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/12 12:09:49 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2014/04/12 10:41:18 | 000,114,820 | ---- | M] () -- C:\Users\Abe10tiger\Desktop\mbam-log-2014-04-12 (10-09-08).xml
[2014/04/12 07:05:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/12 05:41:30 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2014/04/11 12:08:25 | 012,945,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/11 12:08:25 | 006,244,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/11 12:08:25 | 000,006,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/11 09:25:01 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-570735593-1496461725-3492070277-1000Core.job
[2014/04/11 07:29:40 | 000,025,056 | ---- | M] () -- C:\Users\Abe10tiger\Desktop\piano y cello.jpg
[2014/04/11 07:29:36 | 000,032,624 | ---- | M] () -- C:\Users\Abe10tiger\Desktop\piano_cello_0.jpg
[2014/04/10 21:35:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-570735593-1496461725-3492070277-1000Core.job
[2014/04/05 05:39:18 | 000,000,154 | ---- | M] () -- C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.bat
[2014/04/04 14:46:21 | 000,293,293 | ---- | M] () -- C:\Users\Abe10tiger\Desktop\aly.jpg
[2014/04/04 14:33:11 | 000,035,856 | ---- | M] () -- C:\Users\Abe10tiger\Desktop\1391519_10202428247092877_1329703266_n.jpg
[2014/04/03 20:40:24 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2014/04/03 19:29:48 | 000,000,222 | ---- | M] () -- C:\Users\Abe10tiger\Desktop\PlanetSide 2.url
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/02 22:43:37 | 000,036,517 | ---- | M] () -- C:\Users\Abe10tiger\Desktop\10155434_722473101106447_746027230_n.jpg
[2014/04/02 22:40:10 | 000,075,503 | ---- | M] () -- C:\Users\Abe10tiger\Desktop\1896907_722473477773076_502662497_n.jpg
[2014/03/21 14:13:37 | 005,010,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/20 21:15:46 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/03/20 21:15:42 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/03/18 03:08:32 | 000,006,200 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/16 15:52:37 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/03/16 15:31:22 | 000,000,047 | ---- | M] () -- C:\Users\Abe10tiger\AppData\Roaming\WB.CFG
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Users\Abe10tiger\Desktop\*.tmp files -> C:\Users\Abe10tiger\Desktop\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/15 12:18:29 | 001,426,178 | ---- | C] () -- C:\Users\Abe10tiger\Desktop\adwcleaner.exe
[2014/04/15 12:12:37 | 000,095,791 | ---- | C] () -- C:\Users\Abe10tiger\Desktop\Untitled.jpg
[2014/04/15 11:17:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/04/15 11:17:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/04/15 11:17:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/04/15 11:17:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/04/15 11:17:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/04/13 20:03:41 | 000,000,551 | ---- | C] () -- C:\Users\Abe10tiger\Desktop\crp.vbs
[2014/04/12 12:24:41 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/12 12:03:43 | 000,114,820 | ---- | C] () -- C:\Users\Abe10tiger\Desktop\mbam-log-2014-04-12 (10-09-08).xml
[2014/04/11 07:29:40 | 000,025,056 | ---- | C] () -- C:\Users\Abe10tiger\Desktop\piano y cello.jpg
[2014/04/11 07:29:35 | 000,032,624 | ---- | C] () -- C:\Users\Abe10tiger\Desktop\piano_cello_0.jpg
[2014/04/05 05:39:18 | 000,000,154 | ---- | C] () -- C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.bat
[2014/04/04 14:46:19 | 000,293,293 | ---- | C] () -- C:\Users\Abe10tiger\Desktop\aly.jpg
[2014/04/04 14:33:09 | 000,035,856 | ---- | C] () -- C:\Users\Abe10tiger\Desktop\1391519_10202428247092877_1329703266_n.jpg
[2014/04/03 20:40:24 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2014/04/03 19:29:48 | 000,000,222 | ---- | C] () -- C:\Users\Abe10tiger\Desktop\PlanetSide 2.url
[2014/04/02 22:43:36 | 000,036,517 | ---- | C] () -- C:\Users\Abe10tiger\Desktop\10155434_722473101106447_746027230_n.jpg
[2014/04/02 22:40:09 | 000,075,503 | ---- | C] () -- C:\Users\Abe10tiger\Desktop\1896907_722473477773076_502662497_n.jpg
[2014/03/20 21:15:46 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/03/20 21:15:42 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/03/17 21:05:49 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/03/16 15:52:37 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/03/16 15:31:22 | 000,000,047 | ---- | C] () -- C:\Users\Abe10tiger\AppData\Roaming\WB.CFG
[2013/10/30 11:33:45 | 000,000,162 | ---- | C] () -- C:\Users\Abe10tiger\AppData\Roaming\die.bat
[2013/10/03 23:00:22 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/10/03 23:00:22 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/09/01 13:08:06 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/06/01 10:40:46 | 000,000,292 | ---- | C] () -- C:\Users\Abe10tiger\AppData\Local\HamsterBookConverter.cfg
[2013/03/09 14:20:18 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\ONBV2VER.INI
[2013/03/09 14:20:16 | 000,000,765 | ---- | C] () -- C:\Windows\ONFORMAT.INI
[2013/03/09 14:20:14 | 000,000,364 | ---- | C] () -- C:\Windows\ONBLV2CL.INI
[2013/03/09 14:19:57 | 000,003,375 | ---- | C] () -- C:\Windows\ONBRV2CL.INI
[2012/12/28 14:04:22 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/11/09 23:15:53 | 000,071,475 | ---- | C] () -- C:\Users\Abe10tiger\AppData\Roaming\icarus-dxdiag.xml
[2012/10/07 17:28:25 | 000,006,200 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/07 17:25:33 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2011/08/07 17:35:38 | 000,003,584 | ---- | C] () -- C:\Users\Abe10tiger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/05 22:06:04 | 000,007,669 | ---- | C] () -- C:\Users\Abe10tiger\AppData\Local\Resmon.ResmonCfg
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

abe10tiger · Apr 15, 2014

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/01/17 23:33:03 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\.minecraft
[2014/04/03 12:51:51 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\.mono
[2013/08/11 13:14:58 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Acapela Group
[2013/12/26 16:23:45 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Aliens vs. Predator
[2014/04/03 19:26:15 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Audacity
[2012/05/24 20:18:53 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\avidemux
[2013/08/09 10:22:06 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Bioshock
[2013/03/26 22:58:11 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Bioshock2
[2013/06/01 10:42:15 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\calibre
[2011/09/15 21:40:18 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/04/15 12:24:45 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\CheckPoint
[2014/04/12 12:55:17 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\DAEMON Tools Lite
[2013/06/18 13:59:21 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\DiskAid
[2014/04/13 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Dropbox
[2012/11/19 19:32:42 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\GameHouse
[2012/06/16 12:24:00 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\GameRanger
[2012/12/21 11:53:24 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Grand Ages Rome
[2014/01/01 13:55:26 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\iFunbox_UserCache
[2014/03/16 16:03:08 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\IObit
[2012/07/13 18:43:21 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Maxthon2
[2012/02/10 23:50:29 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Netscape
[2013/08/10 13:55:29 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Origin
[2012/02/10 23:49:31 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Photodex
[2012/10/25 18:49:00 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\QFX Software
[2013/07/15 20:15:59 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Rainmeter
[2013/10/28 20:19:26 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Skyrim - Legendary Edition
[2012/04/01 22:17:20 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Sony
[2013/11/16 09:46:13 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\SPORE
[2012/12/25 02:23:47 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\SystemRequirementsLab
[2013/10/30 10:50:11 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\The Creative Assembly
[2013/04/16 10:31:29 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Tunngle
[2012/07/14 21:44:13 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\Uninstaller Tool(Comodo Forums)
[2014/04/12 12:10:42 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\uTorrent
[2013/10/03 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\VideoEditor
[2011/12/29 14:57:46 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2011/12/29 14:57:46 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2011/12/29 14:57:46 | 000,000,000 | ---D | M] -- C:\Users\Skyrim VidProduction\AppData\Roaming\IObit
[2011/12/29 14:57:46 | 000,000,000 | ---D | M] -- C:\Users\Video Productions\AppData\Roaming\IObit
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013/11/18 18:37:43 | 104,837,737 | ---- | M] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\�뉐ḼB
[2013/11/18 18:37:43 | 104,837,737 | ---- | C] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\�뉐ḼB
[2013/11/16 23:42:12 | 104,559,818 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\췺폝Ḽ
[2013/11/16 23:42:12 | 104,559,818 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\췺폝Ḽ
[2013/11/13 21:27:42 | 104,010,312 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\튌됖Ḽ
[2013/11/13 21:27:42 | 104,010,312 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\튌됖Ḽ
[2013/11/11 17:46:37 | 103,682,728 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䂍宔Ḽ
[2013/11/11 17:46:37 | 103,682,728 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䂍宔Ḽ
[2013/10/21 23:32:46 | 102,154,219 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\芿㵌Ḽ
[2013/10/21 23:32:46 | 102,154,219 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\芿㵌Ḽ
[2013/10/16 20:12:05 | 101,393,623 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\閽磝Ḽ
[2013/10/16 20:12:05 | 101,393,623 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\閽磝Ḽ
[2013/10/11 20:19:31 | 100,470,597 | ---- | M] ()(C:\Windows\SysWow64\???=) -- C:\Windows\SysWow64\О郋Ḽ=
[2013/10/11 20:19:31 | 100,470,597 | ---- | C] ()(C:\Windows\SysWow64\???=) -- C:\Windows\SysWow64\О郋Ḽ=
[2013/10/10 01:07:50 | 100,163,860 | ---- | M] ()(C:\Windows\SysWow64\???`) -- C:\Windows\SysWow64\ꆾ뺤Ḽ`
[2013/10/10 01:07:50 | 100,163,860 | ---- | C] ()(C:\Windows\SysWow64\???`) -- C:\Windows\SysWow64\ꆾ뺤Ḽ`
[2013/10/04 05:42:59 | 099,176,917 | ---- | M] ()(C:\Windows\SysWow64\???A) -- C:\Windows\SysWow64\蓘�ḼA
[2013/10/04 05:42:59 | 099,176,917 | ---- | C] ()(C:\Windows\SysWow64\???A) -- C:\Windows\SysWow64\蓘�ḼA
[2013/08/23 19:35:33 | 099,963,528 | ---- | M] ()(C:\Windows\SysWow64\???«) -- C:\Windows\SysWow64\ə쑻Ḽ«
[2013/08/23 19:35:33 | 099,963,528 | ---- | C] ()(C:\Windows\SysWow64\???«) -- C:\Windows\SysWow64\ə쑻Ḽ«
[2013/08/22 22:18:26 | 099,751,737 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\饞䝄Ḽ
[2013/08/22 10:17:22 | 099,751,737 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\饞䝄Ḽ
========== Alternate Data Streams ==========
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP

1B5B4F1

< End of report >

abe10tiger · Apr 15, 2014

EXTRA LOG:

OTL Extras logfile created on: 4/15/2014 1:02:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Abe10tiger\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.05% Memory free
4.00 Gb Paging File | 3.50 Gb Available in Paging File | 87.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 49.15 Gb Free Space | 10.55% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 51.31 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
Computer Name: ABE10TIGER-PC | User Name: Abe10tiger | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-570735593-1496461725-3492070277-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAB3B62-30D9-40C6-99A4-651404365EB4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0CBC8A99-9D5E-4808-A2DD-216C0CB3A65A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F821C19-385E-4932-9CDA-BB5F0A12DDD3}" = rport=139 | protocol=6 | dir=out | app=system |
"{11E3A33B-96A0-464D-9DDB-CA8BF3A68268}" = lport=56891 | protocol=17 | dir=in | name=pando media booster |
"{1A8E3D52-CF44-4019-8063-DF8F3FFC08D1}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B00D04C-4B07-4910-A857-EFD430E9270F}" = lport=139 | protocol=6 | dir=in | app=system |
"{2D599C7E-A36B-4584-B79D-E0BF5140D7AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2F21C1C3-CB04-425E-BA7B-131013051A46}" = lport=445 | protocol=6 | dir=in | app=system |
"{313CB973-AB7E-4D58-BD88-1EE27231A828}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{3CADBDC4-D46C-492F-BF1E-13B16FE6BE8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CF6F191-B457-4FBB-8AA0-BD35F02D7F29}" = lport=56891 | protocol=17 | dir=in | name=pando media booster |
"{3D3CAD1A-B3BA-424D-8D7C-87BAEAFFD1E9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4849A897-7419-4997-AEB1-E96ACA46324F}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{4AC64605-49AC-40D4-AAAD-4D2080431987}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B4FECCC-DB47-4C67-9BE6-DA6B3EE187CE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{4B5AE0FF-7F14-4DBB-9174-83C67ED8E255}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C5BEDDE-4364-4B7B-A0AB-32014ED309A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54166666-058F-435B-A8BE-00ECABB0F0ED}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{59AF9BA4-C234-422E-A988-D53BD4DA5093}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{64F15298-1C80-4F6F-AF33-AAFA9BDF8079}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{70B08905-CA7C-4819-93E1-D16F7E529B42}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{82FD37C6-2265-40D7-8EC7-D8EFFCCE5217}" = lport=138 | protocol=17 | dir=in | app=system |
"{8812B1A4-BAF7-4CBB-86E5-4B510C4D2825}" = rport=137 | protocol=17 | dir=out | app=system |
"{8E9DE5FC-B716-4E82-8163-0EDA6F6755F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C844A90-238E-4C68-9886-2689E4D6EB20}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9FAF636B-7A30-4338-A199-14ADD84383B0}" = rport=138 | protocol=17 | dir=out | app=system |
"{A24A35DB-D4D8-435D-A370-125AEB86F488}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A4DCF4F1-FA9C-4076-BC51-0B8C53FCAAC0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AA234437-0A25-421B-9121-2F199F85808A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B204FFE5-0F00-46D9-B552-819FCB1CB6A6}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{C23168DB-5816-42A8-ABA7-1F93514F5B70}" = lport=56891 | protocol=6 | dir=in | name=pando media booster |
"{CF3BE0C4-A8CA-4FB4-A4D6-64811102A17A}" = lport=137 | protocol=17 | dir=in | app=system |
"{E3C9F918-F167-4738-A327-CAC0347AD894}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E523E93F-5E0E-4AC0-98EC-3549D544BC15}" = lport=56891 | protocol=6 | dir=in | name=pando media booster |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005EC1B6-010E-4A6B-9526-BC8F0933738E}" = protocol=17 | dir=in | app=e:\program files (x86)\games\mass effect\binaries\masseffect.exe |
"{0224B58E-689B-4944-9F0A-C0D455EB889C}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{03A6B622-C5F0-481E-898C-EC0DE01863D2}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{07C07871-3500-43A9-98D1-89677D2BE498}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0882A39C-0432-40B8-893C-292CE1E24CCE}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{0CD95239-6412-443D-8B49-8D82ABCA0863}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0EC1F591-F3AC-4726-B8D7-C046F6AB1646}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe |
"{154CC0B7-CAD4-491F-AA34-C38D655A4FCB}" = protocol=6 | dir=in | app=e:\games\call.of.duty.world.at.war-kaos\codwawmp.exe |
"{165E4C73-4971-49A9-9F05-6D4EAA6D9139}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe |
"{16F0A390-DB3F-476F-9230-425460D99C71}" = protocol=17 | dir=in | app=e:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{18C52A60-5B62-4FD1-AD44-3F32D7CB979E}" = protocol=17 | dir=in | app=c:\users\abe10tiger\appdata\roaming\dropbox\bin\dropbox.exe |
"{1A308D7B-C2F8-418F-A650-E6715E0799F4}" = protocol=6 | dir=in | app=e:\program files (x86)\games\mass effect\binaries\masseffect.exe |
"{1ADD970D-424E-452A-A853-91E7D66EA260}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1C8B8A89-A19D-449A-BD06-55C625FAD4F1}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{1CD9ED6C-97BC-4449-B7C3-49EBC1750393}" = protocol=6 | dir=in | app=c:\program files (x86)\pcdata\cudaminer.exe |
"{1DACDC3B-66B4-4E06-AD92-39ADA4AE296A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1FF2439C-19A2-4B20-BDF2-3BDFCA8BA32C}" = protocol=6 | dir=in | app=c:\users\abe10tiger\appdata\roaming\dropbox\bin\dropbox.exe |
"{213C9224-12AA-43A7-9A0F-A28540C21B9E}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
"{21C9F43E-5343-4198-BD8E-7D11A30F1969}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{22EF6C51-3E44-4247-A46F-C5864F879CA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{23253637-C67C-4D17-B202-FBB7B946F89F}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{24CB3C6B-9AA9-493B-90A2-BFDC86FF1984}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{274D1186-D816-4586-8CAE-BBEA3C3D720E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{28249794-C143-4D3F-9EAF-342F30FB3181}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\rage\rage.exe |
"{29CB62BF-672C-40B1-B1D6-74C69E3B123B}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{2C383415-5EB4-4D49-94FD-7B842C1E6A1C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{307D9407-07F4-496A-B86D-AF8881CBCE7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{308CF1CA-B7F8-4D86-8401-1D2C6A918582}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{321155FA-4001-4693-AE81-8138DE71C7F9}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\deus ex invisible war\system\dx2.exe |
"{3527B618-C33B-4FAD-9D6E-C9BE17AD9C57}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
"{37394131-C4A7-4E1C-AA90-C9442690349B}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\rage\rage64.exe |
"{37C2811D-E5BB-47AC-BE02-BFE769C5F8CC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3AED20E4-95BF-441B-A9F7-6A7A5C9C42F0}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe |
"{3B47B183-7B89-45EA-BF58-073A92FDA9A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{43DC44CE-B515-4DEF-A898-3014695944E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{46172999-9C01-4870-BCC1-08C91888B4C8}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\nmrih\sdk\hl2.exe |
"{487F15F6-C06F-4603-920D-0133DE1DB246}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A011DF1-F860-4557-A765-E179541B24AC}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\rage\rage.exe |
"{547EE69D-9F27-48A0-8C1B-ACF4F83AF25E}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{59179014-1E6A-4D6E-A7A8-D3FD24058230}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5AE498C5-F40D-4DD6-8225-A36BAC70F324}" = dir=in | app=c:\users\abe10tiger\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{6690A544-F156-40F9-80CF-AEAF30084F6A}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{6D64F0A0-6898-45EE-B6A0-928701D43A69}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6DA99ED9-FFEB-401E-BC4D-5363C3C879FD}" = protocol=6 | dir=in | app=e:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{6FDDE1E9-3BB3-4358-91CA-D21E82B63E4B}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{73368D06-7EE3-4455-8117-2969F8E524AE}" = protocol=6 | dir=in | app=e:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{7AC573D0-9B64-433C-A568-38426620399F}" = protocol=17 | dir=in | app=e:\games\call.of.duty.world.at.war-kaos\codwawmp.exe |
"{7D9DA77F-FAC5-4BF4-A6AB-F984AA15BC40}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7EEDC234-E501-456A-A5A0-4EE35E813B6E}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{7FC69FA0-D740-4BF0-A538-5C1769E7856A}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{807DE1D4-BE25-4EDE-B350-2B306F0B36B6}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{865E07D0-A976-4770-9137-EB2D1E18A97B}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe |
"{8812FB07-43FE-407B-9105-D20950CEE45E}" = protocol=17 | dir=in | app=e:\games\call.of.duty.world.at.war-kaos\codwaw.exe |
"{8833BD3A-DFA9-4264-AB21-30094FA7F6D8}" = protocol=6 | dir=in | app=e:\program files (x86)\games\mass effect\masseffectlauncher.exe |
"{8AB9846F-0391-4712-95D8-A83BA5372B26}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8B89C665-EC6F-4E8F-ABD7-A4F7DCD27810}" = protocol=17 | dir=in | app=e:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{8C2FECA8-BBC8-4C09-B7ED-6DD009BF3CD2}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{8C49CE04-FBB0-43D5-86B1-1EA1C8446A8F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{90BD4895-F2D7-4EFE-B47B-4CDAC45D9524}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steam.exe |
"{90E13AD4-FB99-4403-BA7E-0FBD8F164515}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\nmrih\sdk\hl2.exe |
"{933CE8C5-6BF7-4A1E-BB82-0B8852255B44}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{93A2873C-21FE-4580-A20B-CD553F879A1E}" = protocol=17 | dir=in | app=e:\program files (x86)\games\mass effect\masseffectlauncher.exe |
"{94D0431A-065D-41F8-8E5A-613DA498C673}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{958F85E3-5A0D-4444-A2E4-B39C5404BFCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99D23863-D3ED-45DE-8792-70766B9AF2CB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9B785858-7406-4D3B-A68C-C30827FAF78D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9BE0A79D-492B-4929-AAB2-B48740BD5A72}" = protocol=6 | dir=in | app=e:\games\call.of.duty.world.at.war-kaos\codwaw.exe |
"{9D5DFC9C-E58A-4518-8D5D-A7230C4B8C34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A316224B-0D88-4E95-BFB5-D07679AAE024}" = protocol=6 | dir=in | app=e:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{A3DAC85C-DAAE-4230-8169-4CD8A6440D11}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{A68A5A5A-55DC-46CC-891C-F589F9D6CCB9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A71C5F9E-56A5-41CB-B199-305EFFA1062B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A806A0DA-A84F-4108-9740-164486C0F377}" = protocol=6 | dir=in | app=e:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe |
"{ACDAF9B1-C6E6-4CC4-877F-74E34B601B3B}" = protocol=17 | dir=in | app=e:\program files (x86)\dead space 3\dead space 3\deadspace3.exe |
"{AE04EFDC-4A02-4738-81AD-5D059B0E1B46}" = protocol=17 | dir=in | app=e:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{AE4D5E79-A37F-4E6B-86CC-DF56FD4BEF9B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{AEA3098D-65C3-4933-8DB5-7B1006584DD0}" = protocol=17 | dir=in | app=e:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{AFED7E22-3E77-446A-941C-46F605E29DE5}" = protocol=17 | dir=in | app=e:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe |
"{B16848CB-5B26-494F-8331-4DD1EDC7954F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B30548E3-49DA-4DDB-AC2B-D39A0FC618C2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B6114E2D-908D-45C8-B520-C481C9A74253}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B787BBD5-A0E6-47EE-A322-3B503B68C630}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{B91E5E23-97B8-48A3-A7D9-71C1E015D83D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B942A9EF-C51D-496B-A645-6B97D5DF6652}" = protocol=6 | dir=in | app=e:\program files (x86)\dead space 3\dead space 3\deadspace3.exe |
"{BFCF0873-C0CD-4EC8-BB1C-44775579D27D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BFF5A2BB-A9CE-43FE-A46D-D711566B75B7}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{C002DEFF-A954-4D94-AC76-06587B9EC290}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{C230C09B-99E8-4622-9105-E6FDD972309C}" = dir=in | app=e:\program files (x86)\itunes\itunes.exe |
"{C5CF2775-3FB5-4473-B2F8-6281C9AE01AD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C88FE995-04BD-4BC5-BEAD-9722CA40490A}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{C894E237-1530-425E-AFA3-BA4E2FDDB02A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CAAF8B8E-F36F-4AB4-9C74-2D4E0B32CC22}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\rage\rage64.exe |
"{CCCD5470-0A29-4B2D-BDC1-40A4DBA86711}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{CD75A5C4-B8CA-4F3C-879F-F382A53D85AA}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe |
"{CD7C2542-7BE1-4F92-A811-A53D958DE607}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE8AE9DC-EA5B-4B5A-BCF9-6104DACF8512}" = protocol=6 | dir=out | app=system |
"{CFE059E1-E870-4A69-88E7-F4900EF51982}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{D07A6113-8FA9-4069-BCD7-25EDE98AFD40}" = protocol=17 | dir=in | app=e:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{D13871E3-D5D1-43BB-9D6B-F4CE349D0D0A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D2B05AD4-342E-485D-97BB-571190BB538C}" = protocol=17 | dir=in | app=c:\program files (x86)\flashintegro\videoeditor\videoeditor.exe |
"{D3A7DCF0-D8BE-41CE-BE2E-80C2720EC5DB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D558F2BC-B8D2-4FCE-9304-1E7A16EF8395}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9A743E9-AF40-4478-B6AD-B08A2D02DAB0}" = protocol=17 | dir=in | app=c:\program files (x86)\pcdata\cudaminer.exe |
"{DC4F93E3-7E3C-476B-A194-8AA4B1F2FE56}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe |
"{DDF8ACA6-21F6-4BB4-B35F-F0D050CD677F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{DE2000AA-179A-4BB7-8B47-746A6FFBB040}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\deus ex invisible war\system\dx2.exe |
"{E1ECFE2D-0B43-49AC-9C15-0CEF80C0F786}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{E2EE812D-FDC7-4AD5-9120-A172B5B2A46A}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{E437644E-EDB1-4056-8CC8-B6B20A2C5C4D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E5BED410-9B14-46F9-A41C-A4A30375F830}" = protocol=6 | dir=in | app=c:\program files (x86)\flashintegro\videoeditor\videoeditor.exe |
"{EA4510CE-00B1-4FEE-A2F4-4494CE2A244F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EF2BE3AA-2323-4159-AC61-988D076E3A01}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{F0BA3979-FC94-4970-B5CA-E277CD623091}" = protocol=6 | dir=in | app=e:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{F13DEE46-07E4-403F-B373-21FE2608CCE1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F3012EC0-6A1E-4757-9920-84A5C77F70F0}" = protocol=17 | dir=in | app=c:\program files (x86)\flashintegro\videoeditor\updater.exe |
"{F321BB9A-8F7D-4989-833E-6C1751CB246D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F39200E3-8F47-4FF9-81F8-F38E6AC0AE9E}" = protocol=6 | dir=in | app=c:\program files (x86)\flashintegro\videoeditor\updater.exe |
"{F42B00B1-5FCD-4512-865F-20A1AD262B1B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F4A219D4-2499-4A62-98D0-7A7DF875FD61}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{F6B660CF-0442-4E59-ADED-8598B3DF5789}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steam.exe |
"{F90683E7-A543-4F92-AF9F-4D853E934FA1}" = protocol=6 | dir=in | app=e:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{F99943FE-82D7-4235-BEBD-F11509C0B0A8}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"TCP Query User{10D95C11-C5F6-48B1-9F4F-1D4F32AE0FAB}E:\program files (x86)\outlast\binaries\win32\olgame.exe" = protocol=6 | dir=in | app=e:\program files (x86)\outlast\binaries\win32\olgame.exe |
"TCP Query User{1F171E77-747D-414D-80F2-2B327A2A7642}E:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe" = protocol=6 | dir=in | app=e:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe |
"TCP Query User{251D7911-E05B-46A6-B974-25C6C6BF77C3}E:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=e:\program files (x86)\thq\dawn of war\w40k.exe |
"TCP Query User{25685D0C-D08A-4EE9-9D04-6A6D24380653}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{257FF927-D237-4F2E-839A-52A7BDC87876}C:\program files (x86)\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |

abe10tiger · Apr 15, 2014

"TCP Query User{2FF09754-5117-4C35-A96A-F9C04D8B1B11}E:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steam.exe |
"TCP Query User{328566C0-FFB7-481C-968C-22D5141FD9E7}E:\program files (x86)\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=e:\program files (x86)\total war rome ii\rome2.exe |
"TCP Query User{45C84BB6-4530-406B-83A2-2A1ABEA3831F}E:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=e:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{46E02FF8-75E3-45A4-AC2F-EA9002F17D24}C:\users\abe10tiger\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\abe10tiger\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{5BC7B522-F052-4189-AFCB-EB98A821E2F7}E:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=e:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe |
"TCP Query User{5E6B0C0B-2AA3-4D84-9DEA-3E0B129BF314}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{659BBA10-932F-48CD-B822-59D7E656E983}E:\program files (x86)\games\warcraft 3\war3.exe" = protocol=6 | dir=in | app=e:\program files (x86)\games\warcraft 3\war3.exe |
"TCP Query User{6BC5D417-6460-4C20-B468-BB9BE49B0E46}E:\program files (x86)\games\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=e:\program files (x86)\games\electronic arts\dead space\dead space.exe |
"TCP Query User{6BDF958C-A558-42DF-B5A1-638E8C481C36}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{6C5BE6C9-661A-4A94-AD77-8A41C38D1E89}E:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=e:\program files (x86)\thq\dawn of war\w40k.exe |
"TCP Query User{709721E1-7679-4ECA-94B9-BCFBCB6622F3}E:\program files (x86)\aspyr\guitar hero iii\gh3.exe" = protocol=6 | dir=in | app=e:\program files (x86)\aspyr\guitar hero iii\gh3.exe |
"TCP Query User{78872FE4-918C-41EF-B041-A6E9DA0E5A2A}E:\program files (x86)\games\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=e:\program files (x86)\games\electronic arts\dead space\dead space.exe |
"TCP Query User{8193A957-F284-4136-BD12-E23D92399D24}E:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"TCP Query User{899761B8-2B43-4520-9082-0BED94580EE1}E:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=e:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{89AFC6D7-7767-4A81-95C2-DF350B7D4186}E:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=e:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{8D0C672F-52A9-46D2-9E0A-BD6C2E30C9F3}E:\program files (x86)\games\warcraft 3\war3.exe" = protocol=6 | dir=in | app=e:\program files (x86)\games\warcraft 3\war3.exe |
"TCP Query User{9000A713-37C6-4B1C-8BF0-287F0C76337C}E:\program files (x86)\games\tremulous\tremulous.exe" = protocol=6 | dir=in | app=e:\program files (x86)\games\tremulous\tremulous.exe |
"TCP Query User{9027814C-6A3D-426E-A7B8-B1CAA07B26F7}E:\program files (x86)\microsoft games\halo custom edition\haloce.exe" = protocol=6 | dir=in | app=e:\program files (x86)\microsoft games\halo custom edition\haloce.exe |
"TCP Query User{9380BCD4-DB22-4631-910D-BC6635970556}E:\program files (x86)\firefly studios\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=e:\program files (x86)\firefly studios\stronghold 3\bin\win32_release\stronghold3.exe |
"TCP Query User{9D59A7D7-25C4-4253-9645-EA8115F92602}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"TCP Query User{9F1B92AF-D84C-4052-BA84-0CB3C4B51966}E:\games\call.of.duty.world.at.war-kaos\codwawmp.exe" = protocol=6 | dir=in | app=e:\games\call.of.duty.world.at.war-kaos\codwawmp.exe |
"TCP Query User{B6D6BCD9-63EB-4B65-AF76-DDE56074421E}E:\games\call.of.duty.world.at.war-kaos\codwaw.exe" = protocol=6 | dir=in | app=e:\games\call.of.duty.world.at.war-kaos\codwaw.exe |
"TCP Query User{BA73BB94-5E95-479D-8704-B0CF5AA99E71}E:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{BDF3F8D1-4B7A-4865-890B-44E9A102D7B4}C:\users\abe10tiger\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\abe10tiger\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{C2713328-E167-4A5F-9D5B-CFF0C1881AB3}E:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{D0E92938-4776-47CF-8ACB-3F2CFC03EFD6}E:\program files (x86)\aspyr\guitar hero iii\gh3.exe" = protocol=6 | dir=in | app=e:\program files (x86)\aspyr\guitar hero iii\gh3.exe |
"TCP Query User{DA691A10-0DAA-44B0-8B5A-BAB728E5CD3A}E:\program files (x86)\steam\steamapps\common\marchofwar\marchofwar.exe" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\marchofwar\marchofwar.exe |
"TCP Query User{DD390749-AA28-4BF0-B11B-30E46F4B8590}E:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=e:\program files (x86)\thq\company of heroes\reliccoh.exe |
"TCP Query User{E55DBAFF-32AA-4E53-9484-E85AA7C4CDBB}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"TCP Query User{EB90A846-EBAB-4A10-89B6-EFD37CA2ABA0}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{EFD85ED4-2C26-40BD-A030-C26812F8EF48}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F13BBDFF-BB7C-4DFE-9624-D4EBE2033AE4}E:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=e:\program files (x86)\microsoft games\age of mythology\aom.exe |
"TCP Query User{FA03A804-AEE6-497E-87E7-CCCAB45E3C3F}E:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=e:\program files (x86)\microsoft games\age of mythology\aom.exe |
"TCP Query User{FD4EC00B-2693-4261-AF75-65F519415806}C:\program files (x86)\xfire2\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |
"TCP Query User{FDB9F388-6599-4E5B-B9ED-A0C56C8AA27B}E:\program files (x86)\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=e:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"UDP Query User{03E5F316-73B2-4012-80B6-1862CECF60DA}C:\users\abe10tiger\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\abe10tiger\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{08D4F771-64AC-498D-853F-2E9CF79E5A33}E:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steam.exe |
"UDP Query User{0C9FFCF2-07AB-4DC8-A7B2-5D5F7B0DB8D3}E:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe" = protocol=17 | dir=in | app=e:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe |
"UDP Query User{2F5E3551-E962-45E6-A87A-213BE0D6A362}E:\program files (x86)\aspyr\guitar hero iii\gh3.exe" = protocol=17 | dir=in | app=e:\program files (x86)\aspyr\guitar hero iii\gh3.exe |
"UDP Query User{2F766D21-C434-45C1-A66A-FAC48CC0C5B7}E:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=e:\program files (x86)\microsoft games\age of mythology\aom.exe |
"UDP Query User{3260C6CD-D13F-45AC-AE8F-9A3B18343AB6}E:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=e:\program files (x86)\microsoft games\age of mythology\aom.exe |
"UDP Query User{374F4B5B-AB6F-4096-A2BA-5934382A9E4F}E:\program files (x86)\games\warcraft 3\war3.exe" = protocol=17 | dir=in | app=e:\program files (x86)\games\warcraft 3\war3.exe |
"UDP Query User{3DA82CAE-211B-4A6B-808A-A53565828422}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{4B22EBB0-8FCB-4BE3-9694-D4503FB648FA}C:\users\abe10tiger\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\abe10tiger\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{5DDD2754-995E-4414-B017-2E3B5EFC8BBA}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{625429F9-4674-4100-9367-8469F7E680DA}E:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=e:\program files (x86)\thq\dawn of war\w40k.exe |
"UDP Query User{63757706-4F22-4373-AC70-B9A47E2B1B3F}C:\program files (x86)\xfire2\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |
"UDP Query User{6CAA8C4C-40E1-4FAB-9550-08BE8D2DBE95}E:\program files (x86)\aspyr\guitar hero iii\gh3.exe" = protocol=17 | dir=in | app=e:\program files (x86)\aspyr\guitar hero iii\gh3.exe |
"UDP Query User{6CAE1B00-5E02-4C28-B42D-DDFE346DF84C}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{7714021E-7C91-4626-86BD-26669790A090}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{77D98BC7-C924-4795-B80C-CCAD6F973FD3}E:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=e:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe |
"UDP Query User{80ECCA16-C8F9-4D36-A6F5-7477558CB26F}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{86339A53-6E8A-4F81-94B2-9C36D78A0B86}E:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{8BD75323-7F43-4C23-ABAF-892CDAAEBBC8}E:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=e:\program files (x86)\thq\company of heroes\reliccoh.exe |
"UDP Query User{94ABA41E-F942-4F0A-BC60-8A0E60569342}C:\program files (x86)\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"UDP Query User{9A9E6385-7985-47E6-9672-858C5DAFABD3}E:\program files (x86)\microsoft games\halo custom edition\haloce.exe" = protocol=17 | dir=in | app=e:\program files (x86)\microsoft games\halo custom edition\haloce.exe |
"UDP Query User{A5F419AD-9D12-4ADA-8348-D0A24F73D4DB}E:\program files (x86)\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=e:\program files (x86)\total war rome ii\rome2.exe |
"UDP Query User{B53F2846-B122-4256-B496-8F33CFC156E6}E:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=e:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{B7A2BD14-7FF5-45BD-99B0-B9D5046D0CAF}E:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=e:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{BF4C589B-1DB4-40D9-9E43-386799E344D7}E:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{C3CAE761-9F27-4839-8F30-8DEF0744FFEC}E:\program files (x86)\games\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=e:\program files (x86)\games\electronic arts\dead space\dead space.exe |
"UDP Query User{C75A158E-8E00-4906-90BA-EEB2D477E74A}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"UDP Query User{C7E2E471-A974-4B5E-9B04-89DE870BD10A}E:\program files (x86)\games\warcraft 3\war3.exe" = protocol=17 | dir=in | app=e:\program files (x86)\games\warcraft 3\war3.exe |
"UDP Query User{C985D78F-3118-4C12-8C6C-C587C3F94FCC}E:\program files (x86)\outlast\binaries\win32\olgame.exe" = protocol=17 | dir=in | app=e:\program files (x86)\outlast\binaries\win32\olgame.exe |
"UDP Query User{CAE1CC4D-7279-4723-814C-234E860825C3}E:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{CC5E9A16-4B3D-49B9-A1DE-B36EA215E6F8}E:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=e:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{CC64930B-978B-4FB3-9747-D7183A82CAF5}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{CDCB38DE-53C6-47EF-A046-75E9E6DCEED7}E:\program files (x86)\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=e:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"UDP Query User{D3DC3944-03F4-4C01-9DA5-688D90CCD736}E:\games\call.of.duty.world.at.war-kaos\codwawmp.exe" = protocol=17 | dir=in | app=e:\games\call.of.duty.world.at.war-kaos\codwawmp.exe |
"UDP Query User{D4A1D564-3A70-472A-9205-32A4A6BC8519}E:\program files (x86)\games\tremulous\tremulous.exe" = protocol=17 | dir=in | app=e:\program files (x86)\games\tremulous\tremulous.exe |
"UDP Query User{DE644B67-6E71-4A75-820C-20D8F01A92F1}E:\program files (x86)\games\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=e:\program files (x86)\games\electronic arts\dead space\dead space.exe |
"UDP Query User{E7AA7882-1BEC-4306-9F10-5B0158618B18}E:\program files (x86)\firefly studios\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=e:\program files (x86)\firefly studios\stronghold 3\bin\win32_release\stronghold3.exe |
"UDP Query User{EA95228B-116B-4F51-A18D-4FEAC603D6B4}E:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=e:\program files (x86)\thq\dawn of war\w40k.exe |
"UDP Query User{F6E60AF4-3313-4EA5-BC04-D6651045FA50}E:\games\call.of.duty.world.at.war-kaos\codwaw.exe" = protocol=17 | dir=in | app=e:\games\call.of.duty.world.at.war-kaos\codwaw.exe |
"UDP Query User{FC29B4BE-10B7-45DF-BA99-5FE29D0C1B0F}E:\program files (x86)\steam\steamapps\common\marchofwar\marchofwar.exe" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\marchofwar\marchofwar.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.11.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 10.11.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.19
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC65DFD8-E175-4A85-948A-42965853B2E8}" = Oracle VM VirtualBox 4.3.6
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"83FEC725EC4E8D9B7174F371DC175AD85F7E4C53" = Windows Driver Package - JMicron Technology Corp. (JME) Net (02/25/2010 6.0.17.1)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"My Lockbox_is1" = My Lockbox 2.8.2
"Recuva" = Recuva
"Speccy" = Speccy
"Waterfox 13.0 (x64 en-US)" = Waterfox 13.0 (x64 en-US)
"WinRAR archiver" = WinRAR 4.01 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C976EC5-842F-4313-B2AB-EDDBCCD3A222}" = System Requirements Lab
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1D657FA2-4C53-4CCB-8903-C86AD9338D8F}" = Ginger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{32CD1164-7F51-4AA6-B268-25049C70FE0E}_is1" = Metro Last Light Update 1.0.0.2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1" = Xfire 2.0
"{441AC599-200D-4E04-B274-C6B7B50C281D}_is1" = Hamster Free EbookConverter
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{57930C74-D044-4AF1-8A23-3A2CDAF87325}" = TruDirect
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{72423628-6C6A-4246-AA64-8B422BD44786}_is1" = Fallout New Vegas
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point
"{91DEF919-EF90-4482-8823-949F1F9F0B71}_is1" = Anti Keylogger Virtual Keyboard
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = CANYON USB PC CAMERA
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA36FB9E-9020-47E6-9BDE-B33A6E36F0F4}" = YTD Toolbar v8.9
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E121A4FE-009B-385B-BB0D-B934E2A88288}" = Google Talk Plugin
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBB168BB-A022-41A0-B901-6FC115D6290E}_is1" = Total War Shogun 2
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"{FB83640B-A237-4577-89CD-671C22F08AA6}" = The Walking Dead
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AccelerateTab_is1" = AccelerateTab
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Age Of Empire-II The Age Of Kings" = Age Of Empire-II The Age Of Kings
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Aliens vs. Predator_R.G. Mechanics_is1" = Aliens vs. Predator
"Aliens: Colonial Marines_is1" = Aliens: Colonial Marines
"BioShock Infinite_is1" = BioShock Infinite
"Bookworm Adventures Deluxe 1.0" = Bookworm Adventures Deluxe 1.0
"Call of Duty - Modern Warfare 3_is1" = Call of Duty - Modern Warfare 3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Civitas3" = Grand Ages Rome 1.01
"Comodo Dragon" = Comodo Dragon
"CompuApps OnBelay V2" = CompuApps OnBelay V2
"DAEMON Tools Lite" = DAEMON Tools Lite
"DiskAid_is1" = DiskAid 5.47
"DoubleOptMedia11.041.44" = DoubleOptMedia
"FileASSASSIN" = FileASSASSIN
"Fraps" = Fraps (remove only)
"FXAA Post Process Injector" = FXAA Post Process Injector
"Game Booster_is1" = Game Booster 3
"GameAssistant_is1" = Game Assistant
"GamersFirst LIVE!" = GamersFirst LIVE!
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Halo CE" = Microsoft Halo Custom Edition
"iFunbox_is1" = iFunbox (v2.6.2375.747), iFunbox DevTeam
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{1D657FA2-4C53-4CCB-8903-C86AD9338D8F}" = Ginger
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"KeyScrambler" = KeyScrambler
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"McAfee Security Scan" = McAfee Security Scan Plus
"Metro Last Light_is1" = Metro Last Light
"Minecraft1.7.2" = Minecraft1.7.2
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySSID_is1" = Vtune 7.16
"New Vegas Configator_is1" = New Vegas Configator version 1.6
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PCData App" = PC Data App
"Photodex Presenter" = Photodex Presenter
"ProShow Gold" = ProShow Gold
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"RocketDock_is1" = RocketDock 1.3.5
"Skyrim - Legendary Edition_R.G. Mechanics_is1" = Skyrim - Legendary Edition
"State of Decay - Breakdown_is1" = State of Decay - Breakdown
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 205790" = Dota 2 Test
"Steam App 208030" = Moon Breakers
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 218230" = PlanetSide 2
"Steam App 224260" = No More Room in Hell
"Steam App 271290" = HAWKEN
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 440" = Team Fortress 2
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 6920" = Deus Ex: Invisible War
"Steam App 9200" = RAGE
"Steam App 9900" = Star Trek Online
"T3V0bGFzdA==_is1" = Outlast
"uTorrent" = µTorrent
"VG90YWxXYXJST01FSUk=_is1" = Total War ROME II
"VLC media player" = VLC media player 1.1.11
"VSDC Free Video Editor_is1" = VSDC Free Video Editor version 1.2.5.12
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"Wrye Bash" = Wrye Bash
"Xfire" = Xfire (remove only)
"XfireCodec" = Xfire Codec (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZD Soft Game Recorder" = ZD Soft Game Recorder
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-570735593-1496461725-3492070277-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Abe10tiger
"{B805FF17-92FE-4757-8142-F0A2850DFE03}" = ROBLOX Studio for Abe10tiger
"Dropbox" = Dropbox
"GameRanger" = GameRanger
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 4/15/2014 3:59:54 PM | Computer Name = Abe10tiger-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2014 3:59:54 PM | Computer Name = Abe10tiger-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2014 3:59:54 PM | Computer Name = Abe10tiger-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2014 4:00:06 PM | Computer Name = Abe10tiger-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2014 4:00:06 PM | Computer Name = Abe10tiger-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2014 4:00:06 PM | Computer Name = Abe10tiger-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
< End of report >

Broni · Apr 15, 2014

What happened to Avira? I don't see it running.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: File not found
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Adblock) - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - C:\Program Files (x86)\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - Reg Error: Value error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\.DEFAULT..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
O15 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-570735593-1496461725-3492070277-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
[2014/03/16 15:53:34 | 000,000,000 | ---D | C] -- C:\IObit
[2014/03/16 16:03:08 | 000,000,000 | ---D | M] -- C:\Users\Abe10tiger\AppData\Roaming\IObit
[2011/12/29 14:57:46 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2011/12/29 14:57:46 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2011/12/29 14:57:46 | 000,000,000 | ---D | M] -- C:\Users\Skyrim VidProduction\AppData\Roaming\IObit
[2011/12/29 14:57:46 | 000,000,000 | ---D | M] -- C:\Users\Video Productions\AppData\Roaming\IObit
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1


:Services

:Reg

:Files
C:\FRST
C:\Program Files (x86)\IObit

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Click on "Run ESET Online Scanner" button.
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

abe10tiger · Apr 15, 2014

Broni, having trouble downloading Security Check. The page just won't load. Others such as FSS and TFC are doing fine.

Broni · Apr 15, 2014

Uploaded it for you here: http://www.sendspace.com/file/l7h43q

abe10tiger · Apr 16, 2014

I had to remove Avira because Combofix was telling me that it could still detect it even if it has already been disabled. Thanks for the upload, by the way!

Im having trouble downloading the ESET scanner due to slow internet connection. I'll be posting these three logs first before posting the ESET scan results.

OTL Log

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteEngineAfterUpdate deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteEngineAfterUpdate not found.
Registry key HKEY_USERS\S-1-5-21-570735593-1496461725-3492070277-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-570735593-1496461725-3492070277-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-570735593-1496461725-3492070277-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-570735593-1496461725-3492070277-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
C:\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\IObit\Advanced SystemCare V7 folder moved successfully.
C:\IObit folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\GameAssistant\Productstatics folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\GameAssistant\GameIcon folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\GameAssistant\DocumentsIcon folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\GameAssistant\DB folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\GameAssistant folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V7\Internet Booster folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V5\Startup Manager folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V5\Smart RAM folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V5\Registrycleaner\backup folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V5\Registrycleaner folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V5\Internet Booster folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V4\Toolbox folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V4\PMonitor folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V4\Log folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V4\DiskCheck folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V4\Backup folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit\Advanced SystemCare V4 folder moved successfully.
C:\Users\Abe10tiger\AppData\Roaming\IObit folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit folder moved successfully.
Folder C:\Users\Default User\AppData\Roaming\IObit\ not found.
C:\Users\Skyrim VidProduction\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\Skyrim VidProduction\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\Skyrim VidProduction\AppData\Roaming\IObit folder moved successfully.
C:\Users\Video Productions\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\Video Productions\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\Video Productions\AppData\Roaming\IObit folder moved successfully.
ADS C:\ProgramData\TEMP

1B5B4F1 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
C:\Program Files (x86)\IObit\Surfing Protection\Language folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\Database folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\images folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\Plugin\Img folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\Plugin folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0 folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Update folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Log folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2 folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\Language folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller\Language folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller\Images folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Update folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\Tweak folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\Scroll folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\Performance folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\News folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\Defrag folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\button folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\Border folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\Boost folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\LatestGames folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Language folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Freeware folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Driver folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Downloadpath folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster folder moved successfully.
C:\Program Files (x86)\IObit\Game Assistant\Skin\Default\glass folder moved successfully.
C:\Program Files (x86)\IObit\Game Assistant\Skin\Default\feedback folder moved successfully.
C:\Program Files (x86)\IObit\Game Assistant\Skin\Default folder moved successfully.
C:\Program Files (x86)\IObit\Game Assistant\Skin folder moved successfully.
C:\Program Files (x86)\IObit\Game Assistant\Language folder moved successfully.
C:\Program Files (x86)\IObit\Game Assistant folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6 folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\Update folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\SecurityHole_Backup folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\BootTimeLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5 folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 4\Update folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 4\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 4 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Abe10tiger
->Temp folder emptied: 6441741 bytes
->Temporary Internet Files folder emptied: 5402513 bytes
->Java cache emptied: 1657230 bytes
->FireFox cache emptied: 76549676 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57773 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 7213879 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Skyrim VidProduction
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
User: Video Productions
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1686 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11446942 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 104.00 mb
[EMPTYJAVA]
User: Abe10tiger
->Java cache emptied: 0 bytes
User: All Users
User: Default
User: Default User
User: Guest
User: Public
User: Skyrim VidProduction
User: Video Productions
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: Abe10tiger
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Guest
User: Public
User: Skyrim VidProduction
->Flash cache emptied: 0 bytes
User: Video Productions
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04162016_085210

Files\Folders moved on Reboot...
File move failed. C:\Users\Abe10tiger\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Users\Abe10tiger\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Security Check Log:

Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Windows Firewall Disabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 31
Java 7 Update 51
Adobe Flash Player 13.0.0.182
Adobe Reader XI
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FSS Log:

Farbar Service Scanner Version: 25-02-2014
Ran by Abe10tiger (administrator) on 16-04-2014 at 10:30:03
Running from "C:\Users\Abe10tiger\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Broni · Apr 16, 2014

Reinstall Avira as soon as possible.

I need FSS log from normal not safe mode.

abe10tiger · Apr 17, 2014

Reinstalling Avira.

Still unable to continue with the ESET Scan due to an error that keeps occuring during the virus datebase update.The error: "Unexpected Error 2002"

Booting to normal mode still yields the same results. Trying to open a program in the desktop takes forever to open, and the explorer (bottom part of the desktop xD don't know what it's really called) won't respond.

The reason why Im in safe mode and can't do anything in normal mode.

Broni · Apr 17, 2014

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

abe10tiger · Apr 18, 2014

Windows Repair log

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Ultimate
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: ABE10TIGER-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Abe10tiger
Current Profile SID: S-1-5-21-570735593-1496461725-3492070277-1000
Current Profile Classes: S-1-5-21-570735593-1496461725-3492070277-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Abe10tiger\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:20:11

Process Count: 30
Commit Total: 852.20 MB
Commit Limit: 4.00 GB
Commit Peak: 867.18 MB
Handle Count: 7315
Kernel Total: 340.21 MB
Kernel Paged: 282.13 MB
Kernel Non Paged: 58.09 MB
System Cache: 1.16 GB
Thread Count: 351
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.00 GB
Memory Used: 953.30 MB(46.5653%)
Memory Avail.: 1.07 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.00 GB
Memory Used: 738.07 MB(36.0519%)
Memory Avail.: 1.28 GB
--------------------------------------------------------------------------------

Starting Repairs...
Start (4/18/2014 12:02:03 PM)

01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (4/18/2014 12:02:05 PM)
Running Repair Under Current User Account
Done (4/18/2014 12:02:15 PM)

01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (4/18/2014 12:02:15 PM)
Running Repair Under Current User Account
Done (4/18/2014 12:03:46 PM)

01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (4/18/2014 12:03:46 PM)
Running Repair Under Current User Account
Done (4/18/2014 12:25:32 PM)

03 - Register System Files
Start (4/18/2014 12:25:33 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:26:00 PM)

04 - Repair WMI
Start (4/18/2014 12:26:00 PM)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...
Avira Desktop Exported.

Exporting AntiSpyware Info...
Avira Desktop Exported.
Windows Defender Exported.

Exporting 3rd Party Firewall Info...
No Firewall Products Reported.

Running Repair Under Current User Account
Done (4/18/2014 12:32:09 PM)

05 - Repair Windows Firewall
Start (4/18/2014 12:32:09 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:32:41 PM)

06 - Repair Internet Explorer
Start (4/18/2014 12:32:41 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:33:11 PM)

07 - Repair MDAC/MS Jet
Start (4/18/2014 12:33:11 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:33:23 PM)

08 - Repair Hosts File
Start (4/18/2014 12:33:23 PM)
Running Repair Under Current User Account
Done (4/18/2014 12:33:26 PM)

09 - Remove Policies Set By Infections
Start (4/18/2014 12:33:26 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:33:30 PM)

10 - Repair Start Menu Icons Removed By Infections
Start (4/18/2014 12:33:30 PM)
Running Repair Under Current User Account
Done (4/18/2014 12:33:33 PM)

11 - Repair Icons
Start (4/18/2014 12:33:33 PM)
Running Repair Under Current User Account
Done (4/18/2014 12:33:35 PM)

12 - Repair Winsock & DNS Cache
Start (4/18/2014 12:33:35 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:33:46 PM)

14 - Repair Proxy Settings
Start (4/18/2014 12:33:46 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:33:50 PM)

16 - Repair Windows Updates
Start (4/18/2014 12:33:51 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:34:12 PM)

17 - Repair CD/DVD Missing/Not Working
Start (4/18/2014 12:34:12 PM)
iTunes not found, not applying UpperFilters iTunes Reg Key
Done (4/18/2014 12:34:12 PM)

18 - Repair Volume Shadow Copy Service
Start (4/18/2014 12:34:13 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:34:19 PM)

20 - Repair MSI (Windows Installer)
Start (4/18/2014 12:34:19 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:34:24 PM)

22.01 - Repair bat Association
Start (4/18/2014 12:34:24 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:34:28 PM)

22.02 - Repair cmd Association
Start (4/18/2014 12:34:28 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:34:33 PM)

22.03 - Repair com Association
Start (4/18/2014 12:34:33 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:34:38 PM)

22.04 - Repair Directory Association
Start (4/18/2014 12:34:38 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:34:42 PM)

22.05 - Repair Drive Association
Start (4/18/2014 12:34:42 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:34:47 PM)

22.06 - Repair exe Association
Start (4/18/2014 12:34:47 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:34:51 PM)

22.07 - Repair Folder Association
Start (4/18/2014 12:34:51 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:34:56 PM)

22.08 - Repair inf Association
Start (4/18/2014 12:34:56 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:35:01 PM)

22.09 - Repair lnk (Shortcuts) Association
Start (4/18/2014 12:35:01 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:35:05 PM)

22.10 - Repair msc Association
Start (4/18/2014 12:35:05 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:35:10 PM)

22.11 - Repair reg Association
Start (4/18/2014 12:35:10 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:35:15 PM)

22.12 - Repair scr Association
Start (4/18/2014 12:35:15 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:35:19 PM)

23 - Repair Windows Safe Mode
Start (4/18/2014 12:35:19 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:35:24 PM)

24 - Repair Print Spooler
Start (4/18/2014 12:35:24 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:35:28 PM)

25 - Restore Important Windows Services
Start (4/18/2014 12:35:29 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:35:50 PM)

26 - Set Windows Services To Default Startup
Start (4/18/2014 12:35:50 PM)
Running Repair Under Current User Account
Running Repair Under Current User Account
Done (4/18/2014 12:36:03 PM)

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1

Cleaning up empty logs...

All Selected Repairs Done.
Done (4/18/2014 12:36:03 PM)
Total Repair Time: 00:34:02

...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under Current User Account

Broni · Apr 18, 2014

How are things now?

Inactive Sudden Change in Computer Attitude.

Posts: 611 +16

Posts: 611 +16

Posts: 56,041 +516

Posts: 611 +16

Posts: 611 +16

Posts: 56,041 +516

Posts: 611 +16

Posts: 56,041 +516

Posts: 611 +16

Posts: 56,041 +516

Posts: 611 +16

Posts: 611 +16

Posts: 611 +16

Posts: 611 +16

Posts: 611 +16

Posts: 611 +16

Posts: 56,041 +516

Posts: 611 +16

Posts: 56,041 +516

Posts: 611 +16

Posts: 56,041 +516

Posts: 611 +16

Posts: 56,041 +516

Posts: 611 +16

Posts: 56,041 +516

Similar threads